From c89e00a97e6bb04c6b4b5c906befdb4767540dbe Mon Sep 17 00:00:00 2001
From: Drew DeVault <sir@cmpwn.com>
Date: Sat, 6 Oct 2018 12:17:36 -0400
Subject: Fix swaylock w/shadow on glibc, improve security

Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:

- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
---
 swaylock/meson.build | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'swaylock/meson.build')

diff --git a/swaylock/meson.build b/swaylock/meson.build
index 6605340b..f3321a78 100644
--- a/swaylock/meson.build
+++ b/swaylock/meson.build
@@ -26,6 +26,9 @@ else
     warning('The swaylock binary must be setuid when compiled without libpam')
     warning('You must do this manually post-install: chmod a+s /path/to/swaylock')
     sources += ['shadow.c']
+    if crypt.found()
+        dependencies += [crypt]
+    endif
 endif
 
 executable('swaylock',
-- 
cgit v1.2.3