greetd-moongreet/DECISIONS.md
nevaforget 14d6476e5a fix: audit findings — wallpaper safety, log filtering, error truncation (v0.4.1)
- Rework load_background_texture(): use resources_lookup_data()/from_bytes()
  for GResource path (no abort on missing resource), add 50 MB file size limit,
  handle non-UTF-8 paths gracefully
- Filter error details to debug level only — warn! logs without internal details
  to prevent system info leaking into journal
- Make debug logging opt-in via MOONGREET_DEBUG env var (default: Info)
- Truncate greetd error description in stale-session retry path using
  MAX_GREETD_ERROR_LENGTH (matching show_greetd_error())
- Add 3 unit tests for load_background_texture edge cases
2026-03-28 10:29:21 +01:00

707 B
Raw Blame History

Decisions

2026-03-28 Audit fixes for shared wallpaper texture (v0.4.1)

  • Who: Selene, Dominik
  • Why: Quality, performance, and security audits flagged issues in load_background_texture(), debug logging, and greetd error handling
  • Tradeoffs: GResource path now requires UTF-8 (returns None for non-UTF-8 instead of aborting); 50 MB wallpaper limit is generous but prevents OOM; debug logging off by default trades observability for security
  • How: GResource branch via resources_lookup_data() + from_bytes() (no abort), file size limit, error details only at debug level, MOONGREET_DEBUG env var for log level, greetd retry path truncation matching show_greetd_error()