leyoda/cosmic-greeter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security hardening (#426)

Browse source 
- Switch gid and supplementary groups to user's when reading user's
  config
- Only show users between UID_MIN and UID_MAX in /etc/login.defs
- Open accountsservice icons with O_NOFOLLOW to explicitly disallow
  symlinks
This commit is contained in:
Jeremy Soller 2026-03-13 08:35:18 -06:00 committed by GitHub
parent 239fb4f22f
commit 63cd93bddd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 91 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cosmic-greeter-config/src/user.rs
View file

@ -7,13 +7,7 @@ use std::num::NonZeroU32;
/// Per user state for Greeter.
#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
pub struct UserState {
#[serde(skip_serializing_if = "invalid_uid")]
pub uid: NonZeroU32,
#[serde(skip_serializing_if = "Option::is_none")]
pub last_session: Option<String>,
}
// Only serialize users not system accounts
const fn invalid_uid(uid: &NonZeroU32) -> bool {
uid.get() < 1000
}