fix: audit LOW fixes — docs, rustdoc, scope, debug gate, lto fat (v0.6.12)
Update PKGBUILD version / update-pkgver (push) Successful in 3s
Update PKGBUILD version / update-pkgver (push) Successful in 3s
- Update CLAUDE.md and README.md to reflect the blur range [0,200] that the code has clamped to since v0.6.8. - Move the // SYNC: comment above the /// doc on MAX_BLUR_DIMENSION so rustdoc renders one coherent paragraph instead of a truncated sentence. - Narrow check_account visibility to pub(crate) and document the caller precondition (username must come from users::get_current_user()). - Gate MOONLOCK_DEBUG behind #[cfg(debug_assertions)]. Release builds always run at LevelFilter::Info so a session script cannot escalate journal verbosity to leak fprintd / D-Bus internals. - Document why pam_setcred is deliberately not called in authenticate(). - Release profile: lto = "fat" instead of "thin" — doubles release build time for better cross-crate inlining on the auth + i18n hot paths.
This commit is contained in:
@@ -250,11 +250,17 @@ fn setup_logging() {
|
||||
eprintln!("Failed to create journal logger: {e}");
|
||||
}
|
||||
}
|
||||
// Debug level is only selectable in debug builds. Release binaries ignore
|
||||
// MOONLOCK_DEBUG so a session script cannot escalate log verbosity to leak
|
||||
// fprintd / D-Bus internals into the journal.
|
||||
#[cfg(debug_assertions)]
|
||||
let level = if std::env::var("MOONLOCK_DEBUG").is_ok() {
|
||||
log::LevelFilter::Debug
|
||||
} else {
|
||||
log::LevelFilter::Info
|
||||
};
|
||||
#[cfg(not(debug_assertions))]
|
||||
let level = log::LevelFilter::Info;
|
||||
log::set_max_level(level);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user