
Commit 9a36b3d

author vins committed
security/keychain: update to 2.9.5
# upstream changes (since 2.9.2)

## keychain 2.9.5 (16 May 2025)

This is a bugfix release.

* Hardening checks were failing on Android and some MacOS environments. Make them more compatible and lower them to warnings instead of aborting the script, until they have been tested in more environments. ([#177](danielrobbins/keychain#177))
* Fixed issues with indentation of `note()`, `warn()`, `mesg()`.
* Convert `SSH_AUTH_SOCK in pidfile is invalid; ignoring it` into a debug message, as this is normal when rebooting your system, so it is not really useful to show typically. ([#176](danielrobbins/keychain#176))

## keychain 2.9.4 (14 May 2025)

This is a minor bugfix release.

* Fix minor regression which allowed some warnings to display with `--quiet`. ([#175](danielrobbins/keychain#175))
* "Cannot find separate public key" turned into a `note()` rather than `warn()`, along with several other non-critical notices. `note()` can be suppressed with `--quiet`, unlike `warn()`. ([#157](danielrobbins/keychain#157))
* Minor improvement when wiping GnuPG keys with `--wipe` option so keychain output is more understandable when gpg-agent is not running.

## keychain 2.9.3 (14 May 2025)

This is a security and bug fix release. Many thanks to those who have reported issues to GitHub, sent in pull requests, and tested out fixes. 2.9.3 includes the following updates:

* The `--quick` option logic had several bugs which have been resolved. Thanks to Filipe Fernandes (@ffernand) for reporting the issue and for assistance testing fixes. ([#167](danielrobbins/keychain#167))
* Fix keychain `--query` exit code when no pidfile exists. ([#171](danielrobbins/keychain#171))
* `--systemd` option should now be fixed. ([#168](danielrobbins/keychain#168))
* Harden keychain so the use of the `--dir` and `--absolute` options cannot be used to instruct keychain to write pidfiles into insecure areas. ([#174](danielrobbins/keychain#174)) Prior to this release, it was possible to use these options in combination with a bad (empty) default umask to write pidfiles into a public area on disk where they were writable by other users. In the worst case, this could allow arbitrary execution of the contents of the malicious pidfile by keychain. This hardening now makes it difficult for a user to configure their keychain in a way that would allow this to happen. Note that if you are not using the `--dir` or `--absolute` options, keychain will use the `$HOME/.keychain` directory by default, which is typically under the full control of the current user and thus not exploitable. The hardening changes include:
  * Setting a global restrictive `umask` in the script.
  * Remove pidfiles before redirecting data to them to ensure they are created with restrictive permissions from the `umask`.
  * Check the keychain pidfile directory to ensure it is owned by the current user, and only the current user can access it (mode 700). If not, abort with an informative error message.
  * Check any existing pidfiles prior to use to make sure they are owned by the current user, and only the current user can access them. If not, abort with an informative error message.
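The four pidfile hardening steps listed in the 2.9.3 notes (restrictive umask, remove-before-write, directory owned by the user and mode 700, existing pidfile owned by the user and private) can be expressed in portable sh as below. This is an added illustration, not keychain's own code: the function names `pidfile_dir_ok`, `pidfile_ok` and `write_pidfile` are assumed, and treating a private pidfile as exactly mode 0600 is an assumption, since the notes only say "only the current user can access them".

```shell
#!/bin/sh
# Added example of the pidfile checks described in the keychain 2.9.3
# release notes. Not keychain's code; names and the 0600 pidfile mode
# are assumptions. POSIX find is used instead of stat(1), whose flags
# differ between GNU and BSD systems.

# 0 if DIR is a directory owned by the current user with mode exactly 0700.
pidfile_dir_ok() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -prune -type d -user "$(id -un)" -perm 700 -print)" ]
}

# 0 if FILE is absent, or is a regular file owned by the current user
# with mode exactly 0600 (no group/other access).
pidfile_ok() {
    file=$1
    [ ! -e "$file" ] && return 0
    [ -n "$(find "$file" -prune -type f -user "$(id -un)" -perm 600 -print)" ]
}

# Write CONTENT to FILE only when both checks pass. The old file is
# removed first so the new one is created under the restrictive umask
# rather than reusing a stale file's (possibly world-writable) mode.
write_pidfile() {
    file=$1
    content=$2
    dir=$(dirname "$file")
    pidfile_dir_ok "$dir" || {
        echo "refusing: $dir must be owned by $(id -un) and mode 700" >&2
        return 1
    }
    pidfile_ok "$file" || {
        echo "refusing: $file has unsafe ownership or permissions" >&2
        return 1
    }
    (
        umask 077
        rm -f "$file"
        printf '%s\n' "$content" > "$file"
    )
}
```

Pointing `write_pidfile` at a shared location such as `/tmp` fails the directory check, which is the situation the `--dir`/`--absolute` hardening closes.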
1 parent a9f90a6 commit 9a36b3d

2 files changed

Lines changed: 6 additions & 6 deletions


security/keychain/Makefile

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
1-
# $NetBSD: Makefile,v 1.41 2025/05/03 16:08:16 vins Exp $
1+
# $NetBSD: Makefile,v 1.42 2025/05/23 17:47:05 vins Exp $
22

3-
DISTNAME= keychain-2.9.2
3+
DISTNAME= keychain-2.9.5
44
CATEGORIES= security
55
MASTER_SITES= ${MASTER_SITE_GITHUB:=funtoo/}
66
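Review bot: MASTER_SITES still fetches from the funtoo/ GitHub organization while every issue link in the commit message points at danielrobbins/keychain; before merging, confirm that the keychain-2.9.5 tarball served from funtoo/ is the same release the message describes, and take the distinfo digests from that confirmed source, or switch MASTER_SITES if the project now publishes releases elsewhere.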

security/keychain/distinfo

Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,5 @@
1-
$NetBSD: distinfo,v 1.27 2025/05/03 16:08:16 vins Exp $
1+
$NetBSD: distinfo,v 1.28 2025/05/23 17:47:05 vins Exp $
22

3-
BLAKE2s (keychain-2.9.2.tar.gz) = 29f3179b43e128641b730bc6bd0338b34de6381a3c2f69ccf34180f8e3b94b06
4-
SHA512 (keychain-2.9.2.tar.gz) = 1b4aa06037cb3f89f4cfa6a4c1a1104ca6a757175a636043b7fb4776773a81f20b38b058b86618b8e6b89cf7c61af86e6441da70ed92b0c18d31fb50b3dd8a96
5-
Size (keychain-2.9.2.tar.gz) = 41401 bytes
3+
BLAKE2s (keychain-2.9.5.tar.gz) = 2137b9315bcda59d83fdf6f4870164de42cf39b850d82354f0444399a6050029
4+
SHA512 (keychain-2.9.5.tar.gz) = 4241a16449062b3365e1119788ab1e56eaadd7c239b5a5af03f644fb44494cc415774c1ba4d2a9ad1e6341892ddcbe4573cda6f986ecc8e5857cfbb2066ac5ac
5+
Size (keychain-2.9.5.tar.gz) = 42685 bytes
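Review bot: the new BLAKE2s and SHA512 digests and the 42685-byte size are the only integrity record pkgsrc keeps for keychain-2.9.5.tar.gz, and nothing in this hunk shows they were compared against an upstream-published checksum or release signature rather than computed from whatever was downloaded; given that 2.9.3 is described as a security release, note in the commit message or confirm in review that the digests match upstream's published values.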
