Pam module causing sporadic unlocks with authentication clients that spawn child processes #969

Open
PaideiaDilemma opened this issue Nov 2, 2024 · 2 comments · May be fixed by #973

@PaideiaDilemma

PaideiaDilemma commented Nov 2, 2024

Howdy version (sudo howdy version): aa75c76

The howdy pam module uses wait in order to wait for the python compare script to finish.
But wait blocks until ANY child process finishes. If the authentication client uses child processes as well, one of them could exit with 0 at the right time and it would unlock.

Just using waitpid instead would fix this issue.

wait to waitpid patch
diff --git a/howdy/src/pam/main.cc b/howdy/src/pam/main.cc
index d1b8e34..8498655 100644
--- a/howdy/src/pam/main.cc
+++ b/howdy/src/pam/main.cc
@@ -290,7 +290,7 @@ auto identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
   // zombie process)
   optional_task<int> child_task([&] {
     int status;
-    wait(&status);
+    waitpid(child_pid, &status, 0);
     {
       std::unique_lock<std::mutex> lock(mutx);
       if (confirmation_type == ConfirmationType::Unset) {
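Review bot: The return value of waitpid(child_pid, &status, 0) on the changed line is ignored, and status is declared without an initializer two lines above it. If the call fails (for example with EINTR or ECHILD), any later use of status sees an indeterminate value. Suggest retrying while the call returns -1 with errno == EINTR, and treating any return other than child_pid as a failed comparison before status is inspected.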

Discovered here: hyprwm/hyprlock#535
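The behaviour reported above, as an added example that is not part of the original issue or of Howdy's code: a parent with two children attributes the exit status of whichever child finishes first to the comparison when it calls wait, and gets the right status when it calls waitpid on the specific PID. The child roles, delays and the function names `spawn_child`, `reap_exit_code` and `observed_compare_result` are assumptions made for the illustration.

```cpp
// Added illustration, not Howdy code: "helper" and "compare" are constructed
// stand-ins for a lock screen's own child and Howdy's compare script.
#include <cerrno>
#include <cstdio>
#include <sys/wait.h>
#include <unistd.h>

// Fork a child that sleeps delay_ms milliseconds, then exits with exit_code.
static pid_t spawn_child(int delay_ms, int exit_code) {
  pid_t pid = fork();
  if (pid == 0) {
    usleep(delay_ms * 1000);
    _exit(exit_code);
  }
  return pid;
}

// Reap exactly `pid`, retrying on EINTR. Returns its exit code, or -1 on
// error or abnormal termination.
static int reap_exit_code(pid_t pid) {
  int status = 0;
  pid_t r;
  do {
    r = waitpid(pid, &status, 0);
  } while (r == -1 && errno == EINTR);
  return (r == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

// The helper exits 0 after 50 ms; the compare stand-in exits 1 ("no match")
// after 300 ms. Returns the exit code the caller attributes to the compare.
int observed_compare_result(bool use_waitpid) {
  pid_t helper = spawn_child(50, 0);
  pid_t compare = spawn_child(300, 1);
  if (helper < 0 || compare < 0) return -1;
  if (use_waitpid) {
    int result = reap_exit_code(compare);  // only the compare child counts
    reap_exit_code(helper);                // avoid leaving a zombie
    return result;
  }
  int status = 0;
  pid_t got = wait(&status);  // returns for whichever child exits first
  int result = (got > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
  reap_exit_code(got == helper ? compare : helper);  // reap the other child
  return result;
}

int main() {
  std::printf("wait():    %d\n", observed_compare_result(false));
  std::printf("waitpid(): %d\n", observed_compare_result(true));
}
```

A PAM module runs inside the calling application's process, so any child that application forks is a candidate for a bare wait call made by the module.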

@londeril

londeril commented Nov 6, 2024

I'm just here to chime in that a fix for that would be very nice :)

@coyotepunk05

This is definitely a big problem. Prevents me from using Howdy whatsoever with hyprlock. Big security risk.
