3 hours ago · Tech · 0 comments

Last weekend I sat down and set into code a project that has been living in my head rent-free for some time: µlock (a.k.a. ulock). ulock is a minimal Wayland screen-locker, designed to work without relying on any setuid binary on Linux. This is done by relying on the tcb password shadowing scheme. The gist of this scheme is: each user’s shadow entry is stored in /etc/tcb/$USER/shadow instead of /etc/shadow, and each user has permission to read their own password hash (and to edit it, depending on the administrator’s policy). It works in environments where setuid binaries are disabled entirely (but is not limited to those). As is often the case with these short, hobby projects, it was a good opportunity for some hands-on practice with technologies I like, those being Hare and Wayland in this case. ulock shows the current uptime on each display while the system is locked, and highlights a different edge each time a key is pressed to provide some visual feedback while typing…
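To make the per-user layout concrete, here is an added sketch (not ulock's code, and in Python rather than Hare) of how an unprivileged process can locate and inspect its own tcb entry. The login-name pattern, the function names, the scheme table and the sample line are assumptions constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Conservative login-name pattern (an assumption); it rejects "/" and ".."
# so the name cannot escape the per-user directory.
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

# crypt(3) hash prefixes and the schemes they identify.
SCHEMES = {"$y$": "yescrypt", "$6$": "sha512crypt", "$5$": "sha256crypt",
           "$2b$": "bcrypt", "$1$": "md5crypt"}

def tcb_shadow_path(user, root="/etc/tcb"):
    """Return <root>/<user>/shadow, the per-user layout described above."""
    if not NAME_RE.match(user):
        raise ValueError(f"unsafe user name: {user!r}")
    return Path(root) / user / "shadow"

def classify(pw_field):
    """Describe a shadow(5) password field without exposing the hash."""
    if pw_field == "":
        return {"usable": False, "scheme": None, "reason": "empty password field"}
    if pw_field[0] in "!*":
        return {"usable": False, "scheme": None, "reason": "locked"}
    for prefix, name in SCHEMES.items():
        if pw_field.startswith(prefix):
            return {"usable": True, "scheme": name, "reason": "ok"}
    return {"usable": False, "scheme": None, "reason": "unrecognised hash format"}

def read_own_entry(user, root="/etc/tcb"):
    """Parse the user's own shadow line; needs read access to that file only."""
    for line in tcb_shadow_path(user, root).read_text().splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            return classify(fields[1])
    raise LookupError(f"no shadow entry for {user}")

def demo():
    """Build a constructed tcb tree in a temp dir and read it back."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "alice").mkdir()
        # Constructed sample line; the hash text is a placeholder, not a real hash.
        (Path(root) / "alice" / "shadow").write_text(
            "alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::\n")
        return read_own_entry("alice", root)

if __name__ == "__main__":
    print(demo())
```

A locker built this way can refuse to lock when the entry is not usable, instead of locking a session it could never unlock.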
