Bug#647090: Review for the package on mentors.debian.net
* Michael Stummvoll <michael@stummi.org> [120121 11:16]:
> >> 2.Can you explain why usr/bin/slock should be setuid? I can guess
> >> that it's an screen locker so it may need the privilege to do its
> >> job, but since it is a potential security hole please document it
> >> in README.Debian for it.
> > slock seems to not support PAM thus only be quite limited in what
> > authentication it supports. Perhaps it might be better to remove
> > that then...
>
> Yeah, slock checks the password against shadow, thats because it needs
> root. May it is possible to patch PAM-Support into slock.
Actually, it only needs sgid shadow and not suid root, but in the long
run pam would be better, as that can (for example using unix_chkpwd
if using pam_unix) work without any elevated priviledges.
But such a change would be quite a big one (I think xlockmore gets pam
wrong, which is some indication how hard it is. One might want to look
into screen or vlock how they do it). It might make sense to move that
work upstream first to see what is acceptable.
As slock might also have other security relevant issues (like checking
the new Ctrl-Alt-KPMultiply issue, which some screen lockers have) and
thus be more complex than the whole rest, so it might make to split
it out of this package, i.e. just drop it from suckless-tools source
package.
Bernhard R. Link
Reply to: