diff options
| author | Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:17:36 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:20:12 -0400 |
| commit | c89e00a97e6bb04c6b4b5c906befdb4767540dbe (patch) | |
| tree | a4ccf0cb0afafc0c8db6cbded85a3b156945b12b /swaylock/meson.build | |
| parent | 85961f63bfe922831011f75860b3acde3d890a9f (diff) | |
Fix swaylock w/shadow on glibc, improve security
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:
- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
Diffstat (limited to 'swaylock/meson.build')
| -rw-r--r-- | swaylock/meson.build | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/swaylock/meson.build b/swaylock/meson.build index 6605340b..f3321a78 100644 --- a/swaylock/meson.build +++ b/swaylock/meson.build @@ -26,6 +26,9 @@ else warning('The swaylock binary must be setuid when compiled without libpam') warning('You must do this manually post-install: chmod a+s /path/to/swaylock') sources += ['shadow.c'] + if crypt.found() + dependencies += [crypt] + endif endif executable('swaylock', |