fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5) · 65ea523b36 - moonlock

fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5)

Update PKGBUILD version / update-pkgver (push) Successful in 1s

Details

Address findings from second triple audit (quality, performance, security):

- Wrap PAM CString password in Zeroizing<CString> to wipe on drop (S-H1)
- Add check_account() for pam_acct_mgmt after fingerprint unlock,
  with resume_async() to restart FP on transient failure (S-M1)
- 30s PAM timeout with generation counter to prevent stale result
  interference from parallel auth attempts (S-M3)
- Downscale wallpaper to max 1920px before GPU blur, reducing work
  by ~4x on 4K wallpapers (P-M1)
- exit(1) instead of return on no-monitor after lock.lock() (Q-2.1)

This commit is contained in:

nevaforget

2026-03-30 00:24:43 +02:00

parent 465a19811a

commit 65ea523b36

9 changed files with 205 additions and 25 deletions

Cargo.lock

Generated

+1 -1

View File

@@ -575,7 +575,7 @@ dependencies = [
 [[package]]
 name = "moonlock"
 version = "0.6.4"
 version = "0.6.5"
 dependencies = [
  "gdk-pixbuf",
  "gdk4",

fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5) Update PKGBUILD version / update-pkgver (push) Successful in 1s Details

fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5)

Update PKGBUILD version / update-pkgver (push) Successful in 1s

Details