Date: Tue, 27 Feb 2024 01:28:41 +0000
From: Shawn Webb
To: Emmanuel Vadot
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module
In-Reply-To: <202402261735.41QHZvL1027958@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On Mon, Feb 26, 2024 at 05:35:57PM +0000, Emmanuel Vadot wrote:
> The branch main has been updated by manu:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=6e69612d5df1c1d5bd86990ea4d9a170c030b292
>
> commit 6e69612d5df1c1d5bd86990ea4d9a170c030b292
> Author:     Emmanuel Vadot
> AuthorDate: 2024-02-21 14:51:05 +0000
> Commit:     Emmanuel Vadot
> CommitDate: 2024-02-26 17:34:52 +0000
>
>     pam: Add pam_xdg module
>
>     This is a module to set up the XDG directories and environment variables.
>     For now the only usage is to have an XDG_RUNTIME_DIR environment set up at
>     user login.
>     All other environment variables have a default fallback so no need to export
>     them in this module.
>     The directory is created according to the XDG Base directory specification.
>
>     The default base directory is /var/run/xdg/ but can be configured
>     using the runtime_dir= module option.
>
>     According to the spec the directory *must* not survive a reboot so adding
>     var_run_enable="YES" to rc.conf is highly recommended.
>
>     Reviewed by:    des, pauamma (manpages)
>     Differential Revision:  https://reviews.freebsd.org/D44011
>     Sponsored by:   Beckhoff Automation GmbH & Co. KG
> ---
>  lib/libpam/modules/modules.inc       |   1 +
>  lib/libpam/modules/pam_xdg/Makefile  |   6 +
>  lib/libpam/modules/pam_xdg/pam_xdg.8 |  56 +++++++
>  lib/libpam/modules/pam_xdg/pam_xdg.c | 311 +++++++++++++++++++++++++++++++++++
>  4 files changed, 374 insertions(+)

[snip]

> + > +static int > +remove_dir(int fd) > +{ > + DIR *dirp; > + struct dirent *dp; > + > + dirp =3D fdopendir(fd); > + if (dirp =3D=3D NULL) > + return (-1); > + > + while ((dp =3D readdir(dirp)) !=3D NULL) { > + if (dp->d_type =3D=3D DT_DIR) { > + int dirfd; > + > + if (strcmp(dp->d_name, ".") =3D=3D 0 || > + strcmp(dp->d_name, "..") =3D=3D 0) > + continue; > + dirfd =3D openat(fd, dp->d_name, 0); > + remove_dir(dirfd);

A defensive programming technique commonly implemented in functions
that recurse is to place a limit on how many times we recurse.
HardenedBSD now places an arbitrarily picked limit of 1000 recursions:

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/148478d5743a8dd4362fd31dca4371618716d0a8

The limit can be changed at compile-time by defining
REMOVEDIR_MAX_RECUR to a different integer value.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
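
Review bot: the descriptor returned by `dirfd = openat(fd, dp->d_name, 0);` is handed to `remove_dir(dirfd)` without a check, and the recursive call's return value is discarded, so a failed open or a failure deeper in the tree is not reported to the caller from the visible lines. Check for `dirfd < 0` before recursing and propagate the result of the recursive call. The open flags are 0, so an entry that readdir() reported as DT_DIR but that has since been replaced by a symbolic link would be followed; passing `O_DIRECTORY | O_NOFOLLOW` keeps the recursion inside the runtime directory. As a style point, the local variable `dirfd` shadows the dirfd(3) function declared in <dirent.h>; a name such as `subfd` avoids that.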
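
The recursion limit described in the reply above, shown as an added example; this is not the HardenedBSD commit or the FreeBSD module code. The macro name REMOVEDIR_MAX_RECUR and its default of 1000 come from the message; the function name `remove_dir_bounded`, the `RD_TOO_DEEP` return code and the `O_DIRECTORY | O_NOFOLLOW` open flags are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef REMOVEDIR_MAX_RECUR
#define REMOVEDIR_MAX_RECUR 1000	/* macro name and value from the message */
#endif
#define RD_TOO_DEEP (-2)		/* hypothetical return code for this example */

/* Empties the directory behind fd and takes ownership of fd (closed on return).
 * Returns 0, -1 on a system call failure, RD_TOO_DEEP when the limit is hit. */
static int
remove_dir_bounded(int fd, unsigned int depth, unsigned int limit)
{
	DIR *dirp;
	struct dirent *dp;
	int rv = 0;

	if (depth >= limit) {		/* refuse to descend any further */
		close(fd);
		return (RD_TOO_DEEP);
	}
	if ((dirp = fdopendir(fd)) == NULL) {
		close(fd);
		return (-1);
	}
	while (rv == 0 && (dp = readdir(dirp)) != NULL) {
		if (strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0)
			continue;
		/* O_DIRECTORY|O_NOFOLLOW: only a real directory opens, never a symlink. */
		int sub = openat(fd, dp->d_name,
		    O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
		if (sub >= 0) {
			rv = remove_dir_bounded(sub, depth + 1, limit);
			if (rv == 0)
				rv = unlinkat(fd, dp->d_name, AT_REMOVEDIR);
		} else {
			rv = unlinkat(fd, dp->d_name, 0);	/* file, symlink, ... */
		}
	}
	closedir(dirp);			/* also closes fd */
	return (rv);
}
```

The first error stops the walk and is returned unchanged, so the caller can tell a depth-limit stop from an ordinary failure.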