Date: Tue, 27 Feb 2024 01:28:41 +0000 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Emmanuel Vadot <manu@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module Message-ID: <q3t5ecjw7zrvswhwpqo7bcpoapfxn6unobsugfmwbtuyoifumn@kdamffwcyt4a> In-Reply-To: <202402261735.41QHZvL1027958@gitrepo.freebsd.org> References: <202402261735.41QHZvL1027958@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--cfvii5ondjlkuq5a Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 26, 2024 at 05:35:57PM +0000, Emmanuel Vadot wrote: > The branch main has been updated by manu: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D6e69612d5df1c1d5bd86990ea4= d9a170c030b292 >=20 > commit 6e69612d5df1c1d5bd86990ea4d9a170c030b292 > Author: Emmanuel Vadot <manu@FreeBSD.org> > AuthorDate: 2024-02-21 14:51:05 +0000 > Commit: Emmanuel Vadot <manu@FreeBSD.org> > CommitDate: 2024-02-26 17:34:52 +0000 >=20 > pam: Add pam_xdg module > =20 > This is a module to setup the XDG directories and environment variabl= es. > For now the only usage is to have a XDG_RUNTIME_DIR environment setup= at > user login. > All other environment variable have a default fallback so no need to = export > them in this module. > The directory is created according to the XDG Base directory specific= ation. > =20 > The default base directory is /var/run/xdg/<username> but can be conf= igured > using the runtime_dir=3D<dir> module option. > =20 > According to the spec the directory *must* not survive a reboot so ad= ding > var_run_enable=3D"YES" to rc.conf is highly recommanded. > =20 > Reviewed by: des, pauamma (manpages) > Differential Revision: https://reviews.freebsd.org/D44011 > Sponsored by: Beckhoff Automation GmbH & Co. KG > --- > lib/libpam/modules/modules.inc | 1 + > lib/libpam/modules/pam_xdg/Makefile | 6 + > lib/libpam/modules/pam_xdg/pam_xdg.8 | 56 +++++++ > lib/libpam/modules/pam_xdg/pam_xdg.c | 311 +++++++++++++++++++++++++++++= ++++++ > 4 files changed, 374 insertions(+) [snip] > + > +static int > +remove_dir(int fd) > +{ > + DIR *dirp; > + struct dirent *dp; > + > + dirp =3D fdopendir(fd); > + if (dirp =3D=3D NULL) > + return (-1); > + > + while ((dp =3D readdir(dirp)) !=3D NULL) { > + if (dp->d_type =3D=3D DT_DIR) { > + int dirfd; > + > + if (strcmp(dp->d_name, ".") =3D=3D 0 || > + strcmp(dp->d_name, "..") =3D=3D 0) > + continue; > + dirfd =3D openat(fd, dp->d_name, 0); > + remove_dir(dirfd); A defensive programming technique commonly implemented in functions that recurse is to place a limit on how many times we recurse. HardenedBSD now places an arbitrarily picked limit of 1000 recursions: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/148478d5743a8d= d4362fd31dca4371618716d0a8 The limit can be changed at compile-time by defining REMOVEDIR_MAX_RECUR to a different integer value. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --cfvii5ondjlkuq5a Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmXdOsIACgkQ/y5nonf4 4fpgDg/+KNMG0ZfLWcQsMGSGaEM/BD08Z92jxfnrklQGnRz3N6GhurdcHfoGVP9x Bq4hbAMhX7USQ1W4VWDELiadUitlzBKOewvCsZOjRvhjGTUN9LHVe+CJXgMACHWZ KKORR/bE5Sy/M4tQPFPLC80yaLKwy6WlNFRd9rwz01Q6z4PIXe3+OHdzmTvdR8Hu cWv77h56P4274GLk9M8q/3IrNgBVp3euG/wqML8MvNrY49Ki2yv8OupahOQOtqQh l/FDsBRLJaHlrDUnfqjdh54LwFAHVhYlfcC2CFX/+YYH+/7WOPmCwMg3fp1j+KzI LD7FZoWdYl51job3+w4tDryoA7g/gqeOcZXVvs0+nQ8hKXb4Ps9h5UwTeXuU2cVt I9XLaBM+qM1AohZK4iWsscrLA+OCUesO7r5OAOc8DK3JPA28ehJPqv1gqytCNfTQ bMYTHVSCNopg4aAlI7mvpSJuCMdST29JFPFdWXx6e8vbs4sWT8NtfY/HtJasw9im B8eiGJPO/8glbRo9VFi5zTd7fcuiyxKE4LK/IEaALksF+VVN23fIK5NHcQlu/4Ph fh7vmvcAdj0FpmhNvLoLmL+ez3lIdRB4QytOPbfVKICNrzaTO79cVUs23ivUrJ9A dOfM5fU9Zee9yl1p4pp4GvcErqU86oQx9icoV8yIk0G+nr0SCBI= =J1BL -----END PGP SIGNATURE----- --cfvii5ondjlkuq5a--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?q3t5ecjw7zrvswhwpqo7bcpoapfxn6unobsugfmwbtuyoifumn>