fix: audit findings — security, i18n, validation, dead code (v0.3.2) · 0d4a1b035a - greetd-moongreet

fix: audit findings — security, i18n, validation, dead code (v0.3.2)

Quality:
- Q-5: Allow relative session commands (e.g. niri-session), greetd resolves PATH
- Q-3: Socket read+write timeouts with proper error logging
- Q-2: Remove unused PowerError::Timeout variant
- Q-M1: i18n for all login_worker error messages (new: unexpected_greetd_response)
- Q-M2: Explicit INVALID_LIST_POSITION check in session dropdown
- Q-M4: Log SVG loader.close() errors instead of silencing
- Q-M6: Testable persistence functions with proper roundtrip tests

Security:
- S-2: Validate GTK theme name (alphanumeric, _, -, +, . only)
- S-3: Log file created with mode 0o640
- S-4: Cache files (last-user, last-session) created with mode 0o600

Performance:
- P-3: Single symlink_metadata() call instead of exists() + is_symlink()
- P-4: Avoid Vec allocation in IPC send_message (two write_all calls)

Config:
- Update example GTK theme to Colloid-Catppuccin

This commit is contained in:

nevaforget

2026-03-28 00:37:35 +01:00

parent 4fa0dd0ead

commit 0d4a1b035a

8 changed files with 186 additions and 56 deletions

									
										config/moongreet.toml
									
		+1
		-1
	
												View File
												
				@@ -5,4 +5,4 @@

				# Absolute path to wallpaper image

				background = "/usr/share/backgrounds/wallpaper.jpg"

				# GTK theme for the greeter UI

				gtk-theme = "catppuccin-mocha-lavender-standard+default"

				gtk-theme = "Colloid-Catppuccin"