Improve The Security Model #268
Conversation
The current functionality of SWHKS is to be replaced with the su method, hence, this binary would be only for the sake of backwards compatibility
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Hi! Ci is broken. Can you resolve the issue? |
|
Yep I messed up a small line :) |
|
@Shinyzenith It should be all fixed now :) |
|
I still do not understand why we are adding 120ms, we were gonna subtract 10% as delta right? |
|
I'm sorry I had not updated what I was working on |
|
@Shinyzenith this should work :) |
|
Hi, have you documented all your changes? |
|
Eg: let _ = daemon(true, false);
Edit: ah this is unistd::daemon, I was searching for |
|
I can leave more comments if that is helpful. |
|
As for documentation, the description for the pr is up to date, however I will also leave some helpful comments in the places i made changes to |
|
@newtoallofthis123 In terms of documentation, I mean updating readme and man pages with relevant information. The comments are an important part too. Thanks for taking note. |
|
That makes sense 😅 |
|
@Shinyzenith Updated the docs :) |
|
Why did you remove logging from swhks? |
|
Ever since the command execution was taken out from it, the log file is no longer used in |
|
Also your commit messages are horrendous sadly. We need to rebase / work on getting those improved. |
|
Yeah I am very bad at commit messages 😅 |
|
Closed and ported to #270 |
Below PR aims to simplify and improve swhkd's security model.
Please refer to the changelog for full details
Changes made
It would be difficult to layout all of the changes made in the codebase in a single changelog, however,
the following are the major changes that can be easily noticable in the codebase.
For the full changes, please refer to the Github repository.
Seperate Env Module: refer:
All of the env parsing and feed has been categorized into a seperate module called
environ.rs.This module is responsible for parsing the environment variables and providing them to the daemon.
The env from the server is just a newline separated string of
key=valuepairs.These are parsed, deduped and then fed to the daemon.
Retire SWHKS command execution: refer:
The
SWHKScommand execution has been retired and instead, the daemon now usessuto execute the commands in the user space.This means that the daemon is now less reliant on the server and hence the security concerns are mitigated.
Daemonize the server and env sending: refer:
The server has been daemonized and all of it's output has been redirected to
/dev/null.Moreover, the actual function to send the env to the daemon has been added.
Any connection to the server now results in the server sending the env.
Event based env refresh: refer:
The server now has an event based cron job that sends the env to the daemon every 650ms by default.
However, the user can specify a custom timeout using the
-rflag.Config file better defaults: refer:
The config file location now correctly defaults to
~/.config/swhkd/swhkdrcthanks to the environ refresh from the server.The problem was that the daemon was running in root space with the root user's env, so it was not able to find the config file
that was stored in the user space.
So, just for the config file location, the daemon now requests the server for the env and then uses
suto read the config file.Channel Based Communication: refer:
The daemon now uses a channel based communication to communicate with the thread.
The thread is spawned at the beginning and is valid throughout the lifetime of the daemon.
A mpsc channel of a good default of
100is used to communicate between the daemon and the thread.This means that the daemon can now execute the commands in the user space without spawning a new thread everytime.
Server Instance Tracking: refer:
The server now detects if it is already running and if it is, it doesn't start a new instance.
This is usefull because it has been daemonized and hence can be running in the background when a new connection is made.
Final Flow
The final flow of the daemon is as follows:
The daemon is launched in the root space and the server is launched in the user space.
This is reminiscent of the old IPC model as such:
./swhks && doas ./swhkdThe
doasorsudocan be skipped by making the swhkd binary a setuid binary.This can be done by running the following command:
Right after this is done, the first connection to the server is made and the server sends the env to the daemon.
This information is stored in the
envstruct instance and this is exchanged and valid throughout the process life cycle.The
XDG_CONFIG_HOMEis also set to~/.config/swhkdand the config file is read from there if it exists.A thread is spawned that is valid throughout the lifetime of the daemon.
The thread is also de-escalated to the user space.
The thread can communicate with the daemon through a channel.
Next, the daemon starts listening for the key events.
When a key event is detected, the daemon just sends it to the thread through the channel.
Concurrently, there is a cron job that sends the env to the daemon every 650ms by default.
This ensures that the env is always fresh and the daemon can always execute the commands in the user space.