Files

59 lines
1.9 KiB
Markdown
Raw Permalink Normal View History

# Security Policy
## Scope
shadow-rs reimplements setuid-root tools that write to `/etc/passwd`,
`/etc/shadow`, and `/etc/group`. Security vulnerabilities in this code can
lead to privilege escalation, account takeover, or system lockout.
We take security issues extremely seriously.
## Reporting a Vulnerability
**Do NOT open a public GitHub issue for security vulnerabilities.**
Instead, please report vulnerabilities via GitHub's private vulnerability
reporting feature:
1. Go to https://github.com/uutils/shadow-rs/security/advisories
2. Click "New draft security advisory"
3. Fill in the details
If private advisory reporting is unavailable, contact the maintainers
directly using a private channel (for example, the email address listed
in a maintainer's GitHub profile). Do not open a public GitHub issue for
security vulnerabilities.
## What to Include
- Description of the vulnerability
- Steps to reproduce
- Affected versions / commits
- Impact assessment (privilege escalation, data leak, DoS, etc.)
- Suggested fix (if you have one)
## Response Timeline
- **Acknowledgment**: within 48 hours
- **Initial assessment**: within 7 days
- **Fix and disclosure**: coordinated, typically within 30 days
## Supported Versions
Only the latest version on the `main` branch is supported during
pre-1.0 development.
## Security Design Principles
- **Memory safety**: Rust eliminates buffer overflows, use-after-free,
and uninitialized memory reads
- **Password zeroing**: sensitive data is zeroed in memory via the
`zeroize` crate before deallocation
- **Atomic file operations**: lock → write tmp → fsync → rename prevents
partial writes and corruption
- **Stale lock detection**: PID-based detection prevents permanent lockout
from crashed processes
- **PAM delegation**: password changes go through PAM — we do not implement
our own password hashing
- **No GPL code**: clean-room implementation prevents license contamination