Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move WB_AUTH into session keyring on Linux #55

Open
noproto opened this issue Apr 8, 2022 · 1 comment
Open

Move WB_AUTH into session keyring on Linux #55

noproto opened this issue Apr 8, 2022 · 1 comment
Assignees
@noproto
Labels
enhancement New feature or request

Comments

@noproto
Copy link
Collaborator

noproto commented Apr 8, 2022

Currently the console secret is an environment variable that is inherited by process children. On Linux, the kernel's key management facility can store the secret so it can not be read through procfs. On FreeBSD, Solaris, etc., this will remain the same. To implement this change, all -- currently 5 -- instances of WB_AUTH in the library and application (https://github.com/WhiteBeamSec/WhiteBeam/search?q=WB_AUTH) need to be updated to use a platform-specific function. On Linux, this is add_key and request_key.

https://man7.org/linux/man-pages/man2/add_key.2.html
https://man7.org/linux/man-pages/man2/request_key.2.html
https://man7.org/linux/man-pages/man7/session-keyring.7.html
@noproto noproto added the enhancement New feature or request label Apr 8, 2022
@noproto noproto self-assigned this Apr 8, 2022
@noproto
Copy link
Collaborator Author

noproto commented Aug 4, 2022
edited
Loading

This would also eliminate needing to spawn a shell with the whitebeam --auth command, which must also be revised to read from stdin (for automation).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noproto noproto

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@noproto