nuvious/pam-duress

/etc/duress.d scripts should run after ~/.duress scripts

nuvious opened this issue · 1 comments

/etc/duress.d scripts should be run after ~/.duress scripts to allow for a script to be implemented that removes pam-duress itself as a cleanup action. In the current implementation, one would have to write a delayed-action script to remove pam-duress system-wide, which, if misconfigured, may allow an attacker to see the module's presence after the attacker has dropped to a user shell.

Closed in most recent PR. Merged on my end based on personal testing. Couldn't find a reviewer unfortunately.