Bug ID | 1090856 |
---|---|
Summary | Requesting audit of pam_kwallet |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | fvogt@suse.com |
QA Contact | qa-bugs@suse.de |
CC | lbeltrame@kde.org |
Found By | --- |
Blocker | --- |

pam_kwallet (https://cgit.kde.org/kwallet-pam.git) can be used to unlock the KDE wallet (password storage) using the password during login. It has been included in the distro for a while now and was never properly reviewed by the security team, as there is no such requirement for PAM modules. IMO a review should be done. It's a fairly small PAM module (plain C) which reads the password using PAM, computes the hash used as the encryption key, drops privileges and starts kwalletd with the key written into a pipe.
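
The flow described above (key into a pipe, fork, drop privileges, start the daemon), sketched as an added example of the points an audit would check; it is not code from kwallet-pam. `hand_off_key`, `drop_privileges` and `KEY_LEN` are hypothetical names, and the child reads the pipe itself as a stand-in for exec'ing kwalletd.

```c
#define _GNU_SOURCE            /* setgroups() on glibc */
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_LEN 56             /* assumed key size; must stay below PIPE_BUF */

/* Permanently become uid/gid. Returns 0 only if the drop is verified. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && uid != 0) {
        /* Order matters: supplementary groups, then gid, then uid. */
        if (setgroups(1, &gid) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;
    }
    /* Regaining root must fail, and all four ids must match the target. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Returns 0 if the unprivileged child received the whole key, else nonzero. */
int hand_off_key(const unsigned char key[KEY_LEN], uid_t uid, gid_t gid)
{
    int fds[2], status = 0;
    if (pipe(fds) != 0) return -1;
    /* Write before fork: no SIGPIPE if the child dies early, and the
     * write cannot block because KEY_LEN fits in the pipe buffer. */
    if (write(fds[1], key, KEY_LEN) != KEY_LEN) { close(fds[0]); close(fds[1]); return -1; }
    close(fds[1]);
    pid_t pid = fork();
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(2);  /* fail closed */
        /* A real module would execve() the daemon here with fds[0] inherited;
         * this stand-in reads the key itself so the result can be checked. */
        unsigned char buf[KEY_LEN];
        size_t got = 0;
        ssize_t n;
        while (got < KEY_LEN && (n = read(fds[0], buf + got, KEY_LEN - got)) > 0)
            got += (size_t)n;
        _exit(got == KEY_LEN && memcmp(buf, key, KEY_LEN) == 0 ? 0 : 3);
    }
    close(fds[0]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```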