e auth - use our memclear and fill it out with modern zeroing methods

so memset_s still doesn't get detected (add a check anyway), but there
are other alternatives, so detect and use them if found
(explicit_bzero, explicit_memset) in addition to the generally
"practically works" memset ptr method we had and.. just to be extra
safe add an asm memory barrier to this fallback. also.. mlock the
passwd memory in lokker (if it doesn't work - don't worry - there is
nothing we can do, so we did our best) to avoid this memory getting
swapped out etc.
This commit is contained in:
Carsten Haitzler 2020-02-18 10:25:23 +00:00
parent 276eb5b091
commit a3ae1b0ac2
4 changed files with 38 additions and 17 deletions


@ -186,6 +186,18 @@ if cc.has_header('execinfo.h') == true
elif cc.has_function('backtrace_symbols_fd', dependencies: 'execinfo') == false
execinfo_dep = dependency('execinfo', required: false)
endif
if cc.has_function('explicit_bzero') == true
config_h.set('HAVE_EXPLICIT_BZERO' , '1')
endif
if cc.has_function('explicit_memset') == true
config_h.set('HAVE_EXPLICIT_MEMSET' , '1')
endif
if cc.has_function('memset_s') == true
config_h.set('HAVE_MEMSET_S' , '1')
endif
if cc.has_function('mlock') == true
config_h.set('HAVE_MLOCK' , '1')
endif
if cc.has_header('fnmatch.h') == false
error('fnmatch.h not found')
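Review bot: The `cc.has_function('memset_s')` probe on the new lines appears to be a link-only check (no `prefix:` header is given), while the C caller this commit adds includes `<string.h>` without defining `__STDC_WANT_LIB_EXT1__`, so on a libc that exports the symbol HAVE_MEMSET_S can end up set while the prototype stays hidden and the call site becomes an implicit declaration; the commit message's remark that memset_s "still doesn't get detected" may well be this same header problem. Giving the probe the header it needs, `cc.has_function('memset_s', prefix: '#define __STDC_WANT_LIB_EXT1__ 1\n#include <string.h>')`, and defining `__STDC_WANT_LIB_EXT1__` before the include in the consuming file (or in the config header) makes detection and use agree. The same applies in milder form to `explicit_bzero`, which glibc declares only under `_DEFAULT_SOURCE`/`_GNU_SOURCE`; a `prefix: '#include <string.h>'` on that probe would catch the declaration being unavailable under a strict `-std=` flag.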


@ -3,7 +3,7 @@
E_API int
e_auth_begin(char *passwd)
{
char buf[PATH_MAX], *p;
char buf[PATH_MAX];
Ecore_Exe *exe = NULL;
int ret = 0;
size_t pwlen;
@ -31,9 +31,7 @@ e_auth_begin(char *passwd)
out:
if (exe) ecore_exe_free(exe);
/* security - null out passwd string once we are done with it */
for (p = passwd; *p; p++) *p = 0;
if (passwd[rand() % pwlen]) fprintf(stderr, "ACK!\n");
e_util_memclear(passwd, pwlen);
return ret;
}
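Review bot: `pwlen` is declared without an initializer (`size_t pwlen;` in the first hunk) and the `out:` cleanup now hands it to `e_util_memclear(passwd, pwlen)`; if any `goto out` in the part of e_auth_begin that lies between the two hunks runs before `pwlen` is assigned, the clear uses an indeterminate length (the removed `rand() % pwlen` line had the same exposure, and would also have divided by zero for an empty password). Initializing it at declaration, `size_t pwlen = 0;`, and computing it from `passwd` before the first early exit makes the cleanup path well-defined on every route to `out:`. I cannot see where `pwlen` is set, since the middle of the function is outside both hunks, so this may already be satisfied; a one-line comment at the declaration stating that it must be valid before any `goto out` would document the invariant either way.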


@ -1458,25 +1458,29 @@ e_util_evas_objects_above_print_smart(Evas_Object *o)
}
}
/*
* NOTICE: This function should not be used by external modules!!!
*
* This function is just a hack to allow us to "securely" clear sensitive
* info until memset_s() is readily available, or at least we move this hack
* to Eina.
*
* This is going to work until link time optimizations are good enough.
* Hopefully by then, we'll be able to properly use memset_s().
*/
static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;
#if defined(HAVE_MEMSET_S)
#elif defined(HAVE_EXPLICIT_BZERO)
#elif defined(HAVE_EXPLICIT_MEMSET)
#else
void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;
#endif
E_API void
e_util_memclear(void *s, size_t n)
{
memset_ptr(s, 0, n);
if (n == 0) return;
#if defined(HAVE_MEMSET_S)
memset_s(s, n, 0, n);
#elif defined(HAVE_EXPLICIT_BZERO)
explicit_bzero(s, n);
#elif defined(HAVE_EXPLICIT_MEMSET)
explicit_memset(s, 0, n);
#else
__memset_ptr(s, 0, n);
__asm__ __volatile__("": :"r"(s) : "memory");
#endif
}
E_API Ecore_Exe *
e_util_open(const char *exe, void *data)
{
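Review bot: The fallback pointer `void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;` replaces the previous `static` definition with an externally visible object whose name is in the namespace reserved for the implementation (any identifier beginning with two underscores); keeping it file-local and unreserved, `static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;` with `memset_ptr(s, 0, n);` in the `#else` branch, avoids both the symbol leak and the namespace clash at no cost. The added `__asm__ __volatile__("": :"r"(s) : "memory");` barrier is GNU syntax with no compiler guard, so the fallback branch will not build on a compiler that lacks it; wrapping that one line in `#if defined(__GNUC__)` keeps the plain volatile-pointer call as the portable path. The header comment above the function still says the hack exists "until memset_s() is readily available", which no longer matches a body that calls memset_s, explicit_bzero or explicit_memset when the build finds them; I would reword it to say the volatile pointer plus barrier is only the fallback used when none of those is detected.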


@ -1,4 +1,5 @@
#include "e_mod_main.h"
#include <sys/mman.h>
#define PASSWD_LEN 256
@ -858,6 +859,9 @@ lokker_lock(void)
}
edd = E_NEW(Lokker_Data, 1);
if (!edd) return EINA_FALSE;
#ifdef HAVE_MLOCK
mlock(edd, sizeof(Lokker_Data));
#endif
E_LIST_FOREACH(e_comp->zones, _lokker_popup_add);
total_zone_num = eina_list_count(e_comp->zones);
@ -881,5 +885,8 @@ lokker_unlock(void)
E_FREE_LIST(edd->handlers, ecore_event_handler_del);
if (edd->move_handler) ecore_event_handler_del(edd->move_handler);
#ifdef HAVE_MLOCK
munlock(edd, sizeof(Lokker_Data));
#endif
E_FREE(edd);
}
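Review bot: In lokker_unlock the structure is munlocked and then released with `E_FREE(edd)` without being cleared; if the typed password lives inside Lokker_Data (the `#define PASSWD_LEN 256` in the first hunk suggests a fixed buffer there, though the struct definition is not visible here), its bytes go back to the allocator intact and the mlock only kept them out of swap while the screen was locked. Zeroing before the pages are unlocked, `e_util_memclear(edd, sizeof(Lokker_Data));` placed just before the `#ifdef HAVE_MLOCK` block, would close that gap; if the password is already cleared elsewhere on unlock, a comment here saying so would spare the next reader the same question. Separately, `#include <sys/mman.h>` in the first hunk is unconditional while its only users sit inside `#ifdef HAVE_MLOCK`, so guarding the include the same way would keep the file building on platforms where the header is absent.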