Pam module causing sporadic unlocks with authentication clients that spawn child processes

[PaideiaDilemma]

Howdy version (sudo howdy version): aa75c7666c040c6a7c83cd92b9b81a6fea4ce97c

The howdy pam module uses wait in order to wait for the python compare script to finish. But wait blocks until ANY child process finishes. If the authentication client uses child processes as well, one of them could exit with 0 at the right time and it would unlock.

Just using waitpid instead would fix this issue.

wait to waitpid patch

```patch diff --git a/howdy/src/pam/main.cc b/howdy/src/pam/main.cc index d1b8e34..8498655 100644 --- a/howdy/src/pam/main.cc +++ b/howdy/src/pam/main.cc @@ -290,7 +290,7 @@ auto identify(pam_handle_t *pamh, int flags, int argc, const char **argv, // zombie process) optional_task child_task([&] { int status; - wait(&status); + waitpid(child_pid, &status, 0); { std::unique_lock lock(mutx); if (confirmation_type == ConfirmationType::Unset) { ```

Discovered here: https://github.com/hyprwm/hyprlock/issues/535

[londeril]

I'm just here to chime in that a fix for that would be very nice :)

[coyotepunk05]

This is definitely a big problem. Prevents me from using Howdy whatsoever with hyprlock. Big security risk.