If a client incorrectly communicates with the session worker, then it's
possible for plaintext passwords to be displayed.
This error appeared for me when I was testing tuigreet with
fprintd-grosshack, which in some situations seems to cause the greeter
to incorrectly return a "PamResponse" when the worker expects a response
in the form of either "Args" or "Cancel". Since unexpected messages are
returned as an error using the format! macro, this returns an error
message that directly exposes the user's password in plaintext.
On 4/27/24 11:55 PM, Nathaniel Mason wrote:
> If a client incorrectly communicates with the session worker, then it's
> possible for plaintext passwords to be displayed.
>
> This error appeared for me when I was testing tuigreet with
> fprintd-grosshack, which in some situations seems to cause the greeter
> to incorrectly return a "PamResponse" when the worker expects a response
> in the form of either "Args" or "Cancel". Since unexpected messages are
> returned as an error using the format! macro, this returns an error
> message that directly exposes the user's password in plaintext.
There is a bug in the greeter if it sends a
Request::PostAuthMessageResponse in response to anything other than
Response::AuthMessage. The case you describe is hit if such request is
sent after having received Response::Success.
It might make sense to send a hard error in this case.