From nobody Sat Feb 19 10:17:08 2022 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E710919C552A for ; Sat, 19 Feb 2022 10:17:11 +0000 (UTC) (envelope-from felix@palmen-it.de) Received: from stef.palmen-it.de (stef.palmen-it.de [IPv6:2001:470:1f0b:bbb:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4K14HW1GWfz3lJ9 for ; Sat, 19 Feb 2022 10:17:11 +0000 (UTC) (envelope-from felix@palmen-it.de) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palmen-it.de; s=20200414; h=Content-Type:MIME-Version:Message-ID:Subject:To :From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=cjt3FzRQ1EHfXQlpDyp56MbsEHLnwQga5pc6fG5H058=; b=16D6B2Ae3R513bN40JXkpdl94q fuApInli1zRHdbc/hxkVMc1dKgToPXdwBUlFwo6XggChgR5nbkpNVPZHFOuLme6oIY4W8HIz/NHFw 8LbOaPUKYieb3wcgv68nv5nuN3KQuppVXbGR7eWza/3a8F5QllYrUQlv1T+b2uko+NwU/qJ7mTjtk JOqowEF7pq6Yj9IxCpwioZDmcB+CCXJLQ7p5WOlK6JxsBO1mChWGMRaE0Y4XeRUZRGBe1MaOL34id QHeiq4cpG8x0/Jj7kvGfNjTe8CZaiQCZXbRoMGWj3HtCxvopEEEjuo1M0E4TYjdQ5Pk08X2AHtVLi UKrmerjw==; Received: from [192.168.71.101] (helo=mail.home.palmen-it.de) by stef.palmen-it.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nLMnd-006phm-Q2 for freebsd-hackers@freebsd.org; Sat, 19 Feb 2022 11:17:09 +0100 Received: from nexus.home.palmen-it.de ([192.168.99.2]) by mail.home.palmen-it.de with esmtpsa (TLS1.3) tls TLS_CHACHA20_POLY1305_SHA256 (Exim 4.95 (FreeBSD)) (envelope-from ) id 1nLMnd-0006yg-ER for freebsd-hackers@freebsd.org; Sat, 19 Feb 2022 10:17:09 +0000 Date: Sat, 19 Feb 2022 11:17:08 +0100 From: Felix Palmen To: freebsd-hackers@freebsd.org Subject: New suid-root helper for pam_unix auth -- how to review? Message-ID: <20220219101708.cq3flvfigm5hafkf@nexus.home.palmen-it.de> Mail-Followup-To: freebsd-hackers@freebsd.org X-Face: /1K@t"h.}e~pR@]c7HorQ!T`F^RJCa'BCr#e>IKA{>C/9OTGB4|xh"y2{?1Z5M i2w"AH^pN_LlHR^{+f',_Np~;.B;!M/bL}*qk]p5*r7F5vW};{:@4u5S?T&f0$7BJ-71Q5SV]:v$`5 A0[DZ:=?S52x8HJ~5@^P_\T@MsjG{R( Organization: palmen-it.de List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="l73nijwh532ntpcd" Content-Disposition: inline User-Agent: NeoMutt/20211029 X-Rspamd-Queue-Id: 4K14HW1GWfz3lJ9 X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=palmen-it.de header.s=20200414 header.b=16D6B2Ae; dmarc=pass (policy=none) header.from=palmen-it.de; spf=pass (mx1.freebsd.org: domain of felix@palmen-it.de designates 2001:470:1f0b:bbb:1::1 as permitted sender) smtp.mailfrom=felix@palmen-it.de X-Spamd-Result: default: False [-7.80 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2001:470:1f0b:bbb:1::1:c]; TO_DN_NONE(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[palmen-it.de:+]; DMARC_POLICY_ALLOW(-0.50)[palmen-it.de,none]; RCVD_IN_DNSWL_MED(-0.20)[2001:470:1f0b:bbb:1::1:from]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[palmen-it.de:s=20200414]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[palmen-it.de:dkim]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCPT_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-hackers]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --l73nijwh532ntpcd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable So, I added some code to allow pam_unix authentication for non-privileged processes by using a suid-root helper internally, and uploaded my code to phabricator: https://reviews.freebsd.org/D34322 That's the top of a 3-commits-stack, with the first commit only fixing some tiny error I came across, the second adds the helper and the last modifies pam_unix to use the new helper. My question now is, how should I proceed to get a review? In MAINTAINERS, I read des@ is maintaining libpam -- does this apply to modules as well, so should I add him as a reviewer? There's also the wording "email only" and I'm not sure what that means -- should I send him the patches by mail instead of adding him on phabricator? Thanks, Felix --=20 Dipl.-Inform. Felix Palmen ,.//.......... {web} http://palmen-it.de {jabber} [see email] ,//palmen-it.de {pgp public key} http://palmen-it.de/pub.txt // """"""""""" {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A --l73nijwh532ntpcd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEqJE9VV8uOnQ5ZbmXPvKLCrwC2ioFAmIQw54ACgkQPvKLCrwC 2ioyjQgAgqQURG9VjlVFiIXsP6iAw76l3pq9R1u/vwICvA4R9gV/LGdt0mLxQn58 oAllOu86Lb7l4vLPdFXAC7Fehzh9Xkbqt7WYk+gQz5ykAdnPX3mDmBqO2Ppf21Hn 2YdD1dX8AmaSd78qtmrJpzes99s2blqdkuWQ6gFS9PE/PEyVZOss8ZPkgPLEB1pS hvDc4oenQbHCwx8qKtd7/HQR7tKE9pSdHqEq66XAC801JG3Js1m/VJyYZGFS4vqt mCgX9Zk2Si8mQu2n0UtXioiE/ZVnucwSSHsgruwjMevl7NDzMMuqW5GHhsSwViwD Ps8yQdR12QQwfg1P3EzM7juEkEy3rQ== =l5cD -----END PGP SIGNATURE----- --l73nijwh532ntpcd--