[Tails-dev] tails-greeter: admin password, set-user-password…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: M
CC: tails-dev
Subject: [Tails-dev] tails-greeter: admin password, set-user-password-and-locale
hi,

I've looked a bit at the admin password feature => bug reports.

Even if you won't have time to fix all this, please make sure
everything is written in a place it won't be forgotten.

1. The /var/lib/gdm3/tails.password file must not be created in a
world-readable manner.

2. The password is written to this file without any kind of quoting,
then the file is interpreted by a shell. Seems obvious some kind of
passwords won't work, doesn't it?

3. set-user-password-and-locale error handling makes me doubtful.
It seems to me such code is hiding fatal error conditions under the
carpet:

     . /etc/live/config.d/username || exit 0
     if [ -z "${LIVE_USERNAME}" ] ; then
        exit 0
     fi


How about echo'ing something to STDERR at least?

4. /etc/sudoers.d/ directory seems not enabled yet, but I think it
should be unconditionally enabled at image build time by a
chroot_local-hooks, rather than at logon time.

5. namespace

   I see those files are deleted when no admin password was entered:
     rm -f /etc/polkit-1/localauthority.conf.d/52-tails.conf
     rm -f /etc/sudoers.d/tails.conf
   I understand why such cleanup is useful, but it reveals
   tails-greeter considers those files as its own files, it is the
   only one to manage, i.e. it takes over generic file names. I think
   s/tails.conf/tails-greeter.conf would be appropriate.


6. does not work twice-in-a-row

When LIVE_USERNAME's has had a password set once by tails-greeter,
then login, then logout, back at tails-greeter: tails-greeter does
not allow login, presumably because it does its autologin with
hardcoded password black magic tricks with the default / old /
obsolete password. This is a blocker. Using regular GDM autologin
functionality seems like the sane way to fix this. A
quick'n'dirty way to hide the underlying problem, and have things
working right now, is to reset the LIVE_USERNAME's password to the
default one, in set-user-password-and-locale, in if [ -z
"${TAILS_USER_PASSWORD}" ].

bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Who wants a world in which the guarantee that we shall not
| die of starvation would entail the risk of dying of boredom ?