Skip to content
This repository has been archived by the owner on Nov 4, 2021. It is now read-only.

Commit

Permalink
Merge branch 'release-0.4'
Browse files Browse the repository at this point in the history
  • Loading branch information
leonnnn committed Mar 6, 2019
2 parents 323469f + 2be6ed4 commit c8f55b9
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 7 deletions.
6 changes: 5 additions & 1 deletion CHANGELOG
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
Release xxx:
Release 0.4:
• Security: Refuse to run if wayland session is detected. Running in a wayland
is insecure.

Release 0.3:
• Enhancement: Make pyxtrlock conform to the XDG specification. Patch by
Cristian Ciupitu.
• Enhancement: Ship script to create an empty lock symbol. Patch by Alexander
Expand Down
11 changes: 7 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,11 +90,14 @@ mailing list.

Bugs & Limitations
------------------
Additional input devices other than the keyboard and mouse are not disabled.
Pyxtrlock can only securely lock X11 sessions. Running pyxtrlock in other
session types, such as Wayland, is insecure and not supported. Pyxtrlock tries
to detect Wayland sessions and abort with an error message.

Pyxtrlock does not prevent a user from switching to a virtual
terminal, so be advised to always log out from your terminals.

Although this is not a bug, please note that pyxtrlock does not
prevent a user from switching to a virtual terminal, so be advised to
always log out from your terminals.
Additional input devices other than the keyboard and mouse are not disabled.

The length of the password is limited to 100 KiB to prevent memory
exhaustion attacks. This limit can only be adapted in the source code.
Expand Down
3 changes: 3 additions & 0 deletions bin/pyxtrlock
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import simplepam as pam

from pyxtrlock.cursor_file import load_cursor
from pyxtrlock import panic
from pyxtrlock import require_x11_session
try:
import pyxtrlock.xcb as xcb
except ImportError as err:
Expand All @@ -23,6 +24,8 @@ try:
except ImportError as err:
panic(err)

require_x11_session()

if getpass.getuser() == 'root' and sys.argv[1:] != ['-f']:
msg = (
"refusing to run as root. Use -f to force. Warning: "
Expand Down
40 changes: 40 additions & 0 deletions pyxtrlock/__init__.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,48 @@

import os
import socket
import sys

from xdg.BaseDirectory import get_runtime_dir


def panic(*message_parts, exit_code=1):
"""Print an error message to stderr and exit"""
print("pyxtrlock:", *message_parts, file=sys.stderr)
sys.exit(exit_code)


def require_x11_session():
"""
Detect whether we're running in a Wayland session and abort if so.
"""

if os.environ.get("XDG_SESSION_TYPE") == "x11":
return

if os.environ.get("WAYLAND_DISPLAY"):
panic(
"WAYLAND_DISPLAY is set, suspecting Wayland session. "
"Using pyxtrlock in a Wayland session is insecure. Aborting."
)

if os.environ.get("WAYLAND_SOCKET"):
panic(
"WAYLAND_SOCKET is set, suspecting Wayland session. "
"Using pyxtrlock in a Wayland session is insecure. Aborting."
)

xdg_runtime_dir = get_runtime_dir(strict=True)
wayland_socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)

try:
wayland_socket.connect(os.path.join(xdg_runtime_dir, "wayland-0"))
except OSError:
return
else:
panic(
"Successfully connected to Wayland socket, suspecting Wayland session. "
"Using pyxtrlock in a Wayland session is insecure. Aborting."
)
finally:
wayland_socket.close()
4 changes: 2 additions & 2 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,14 @@
]

setup(name='pyxtrlock',
version='0.3',
version='0.4',
author=authors,
author_email='[email protected]',
requires=['simplepam', 'pyxdg'],
packages=['pyxtrlock'],
scripts=['bin/pyxtrlock'],
license='GPLv3+',
url='https://zombofant.net/hacking/pyxtrlock',
url='https://github.com/leonnnn/pyxtrlock',
description=desc,
long_description=long_desc,
classifiers=classifiers
Expand Down

0 comments on commit c8f55b9

Please sign in to comment.