1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

2594 Commits

Author SHA1 Message Date
Lennart Poettering
99620f457e service: close fdstore asynchronously
The file descriptors we keep in the fdstore might be basically anything,
let's clean it up with our asynchronous closing feature, to not
deadlock on close().

(Let's also do the same for stdin/stdout/stderr fds, since they might
point to network services these days.)
2023-04-13 06:44:27 +02:00
Lennart Poettering
3af48a86d9
Merge pull request #25608 from poettering/dissect-moar
dissect: add dissection policies
2023-04-12 13:46:08 +02:00
maanyagoenka
b60e0f5777 os-util: add a new confext image type and the ability to parse their release files
Adds a new image type called IMAGE_CONFEXT which is similar to IMAGE_SYSEXT but works
for the /etc/ directory instead of /usr/ and /opt/. This commit also adds the ability to
parse the release file that is present with the confext image in /etc/confext-release.d/
directory.
2023-04-05 21:50:04 +00:00
Lennart Poettering
3bcf564530 update TODO 2023-04-05 20:56:16 +02:00
Lennart Poettering
45ed795f41 update TODO
As it turns out RuntimeDirectoryPreserve= already supports such a mode.
2023-04-04 21:29:22 +02:00
Lennart Poettering
d657a4d8b1 update TODO 2023-04-04 21:29:22 +02:00
Lennart Poettering
a23d80d322 update TODO 2023-04-04 12:36:54 +02:00
William Roberts
acbb504eaf tpm2: add support for a trusted SRK
Prevent attackers from spoofing the tpmKey portion of the AuthSession by
adding a trusted key to the LUKS header metadata. Also, use a persistent
object rather than a transient object.

This provides the following benifits:
1. No way to MITM the tpmKey portion of the session, see [1] for
details.

2. Strengthens the encrypted sessions, note that the bindKey could be
   dropped now.

3. Speed, once it's created we just use it.

4. Owner Auth is needed to call create primary, so using the SRK
   creates a scratch space for normal users.

This is a "first to set" model, in where the first person to set the key
in the LUKS header wins. Thus, setup should be done in a known good
state. If an SRK, which is a primary key at a special persistent
address, is found, it will use whatever is there. If not, it creates an
SRK. The SRK follows the convetions used through the tpm2-software
organization code on GitHub [2], however, a split has occured between
Windows and Linux with respect to SRK templates. The Linux SRK is
generated with the unique field size set to 0, in Windows, it properly
sets the size to key size in bytes and the unique data to all 0's of that
size. Note the proper templates for SRKs is covered in spec [3].
However, the most important thing, is that both SRKs are passwordless,
and thus they should be interchangable. If Windows is the first to make
the SRK, systemd will gladly accept it and vice-versa.

1. Without the bindKey being utilized, an attacker was able to intercept
this and fake a key, thus being able to decrypt and encrypt traffic as
needed. Introduction of the bindKey strengthened this, but allows for
the attacker to brute force AES128CFB using pin guesses. Introduction of
the salt increases the difficulty of this attack as well as DA attacks
on the TPM objects itself.

2. https://github.com/tpm2-software

3. https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

Fixes: #20668
Fixes: #22637

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-04-03 13:10:49 +02:00
Daan De Meyer
02c914efe6 Trim TODO a bit
Let's drop stuff that's already implemented.
2023-03-31 19:24:19 +01:00
Lennart Poettering
6f1fe575f0 TODO: drop items regarding swap-for-hibernate-only-use
I doubt we should bother. Swap always makes sense, and having a swap
partition for hibernate only without using it all the time just makes
the system worse overall.
2023-03-31 12:21:35 +02:00
Lennart Poettering
3739c2fdfc update TODO 2023-03-29 19:09:10 +02:00
Lennart Poettering
2d887a2638 update TODO 2023-03-27 15:55:36 +02:00
Lennart Poettering
f447b74185 update TODO 2023-03-27 13:20:11 +02:00
Daan De Meyer
f461a28da7 chase-symlinks: Rename chase_symlinks() to chase()
Chasing symlinks is a core function that's used in a lot of places
so it deservers a less verbose names so let's rename it to chase()
and chaseat().

We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
2023-03-24 13:43:51 +01:00
Lennart Poettering
c1c4ecd356 update TODO 2023-03-14 23:06:32 +01:00
Lennart Poettering
aa03f49917 update TODO 2023-03-09 22:29:11 +01:00
Jan Engelhardt
3ff1721c21 doc: replace wrong á preposition by à 2023-03-07 13:06:43 +01:00
Lennart Poettering
c8170f9c39 TODO 2023-03-06 18:49:09 +01:00
Lennart Poettering
c48f13d8e1 update TODO 2023-03-02 10:18:24 +01:00
Lennart Poettering
3d092a70b2 update TODO 2023-03-01 09:43:24 +01:00
Lennart Poettering
a69a520bd4 update TODO 2023-02-27 19:07:34 +01:00
Lennart Poettering
8b098d94ae update TODO 2023-02-24 17:09:04 +01:00
Lennart Poettering
512f2da5c7 update TODO 2023-02-21 10:18:33 +01:00
Zbigniew Jędrzejewski-Szmek
beca6b6e6b TODO: add entry for time-based glob cleanup 2023-02-20 15:27:42 +01:00
Lennart Poettering
1334070157 update TODO 2023-02-16 14:07:03 +01:00
Dmitry V. Levin
30fd9a2dab treewide: fix a few typos in NEWS, docs and comments 2023-02-15 10:41:03 +00:00
Lennart Poettering
2fbfdb1edc update TODO 2023-02-07 15:12:07 +01:00
Lennart Poettering
1c904337a2 update TODO 2023-02-06 15:02:59 +01:00
Lennart Poettering
8f8d7dff54 update TODO 2023-01-26 11:51:50 +01:00
Lennart Poettering
43057bf604 update TODO 2023-01-25 11:54:02 +01:00
Lennart Poettering
aa9424cbe8 update TODO 2023-01-24 15:33:38 +01:00
Yu Watanabe
d09df6b94e tree-wide: fix typo 2023-01-20 15:32:16 +09:00
Lennart Poettering
a67a50e8f4 update TODO 2023-01-17 09:42:16 +01:00
Lennart Poettering
32284ffc12 update TODO 2023-01-16 14:29:16 +01:00
Lennart Poettering
6fee784964 update TODO 2023-01-10 18:28:38 +01:00
Jan Janssen
d84bdadb43 boot: Remove option TPM PCR compat option
It says remove in 2023; happy to oblige.
2023-01-09 09:52:55 +01:00
Lennart Poettering
46730cd632 update TODO 2023-01-06 16:15:14 +01:00
Lennart Poettering
e793038a5e update TODO 2023-01-06 15:36:58 +01:00
Lennart Poettering
7122aee5ab
Merge pull request #25918 from bluca/smbios_sd_notify
Support AF_VSOCK in sd_notify and pick up notify_socket from creds
2023-01-06 15:21:27 +01:00
Luca Boccassi
03ede612be Update TODO 2023-01-05 23:07:16 +01:00
Lennart Poettering
17eab9467d update TODO 2023-01-05 18:53:08 +01:00
Lennart Poettering
f912cdbc8d update TODO 2023-01-05 11:02:13 +01:00
Lennart Poettering
309bba96d6 update TODO 2022-12-23 12:44:57 +01:00
Luca Boccassi
e5f48108cb Update TODO 2022-12-19 14:49:01 +01:00
Lennart Poettering
a1ad873d2f TODO 2022-12-16 15:03:06 +01:00
Lennart Poettering
c0e42509da update TODO 2022-12-15 11:40:21 +01:00
Lennart Poettering
e591cd5c8a update TODO 2022-12-12 15:44:29 +01:00
Lennart Poettering
a0bccdd375 update TODO 2022-12-12 12:59:30 +01:00
Lennart Poettering
f18b0a7630 update TODO 2022-12-07 14:31:57 +01:00
Luca Boccassi
8825e90a70 Update TODO 2022-12-03 11:23:00 +00:00