Nice, pretty cool stuff. In high school I worked on something similar (https://github.com/rafket/pam_duress), though this seems to have a somewhat cleaner implementation, which is nice to see, and hopefully a more eager maintainer.
I’m reading the readme of your project, and got to the part where it says
> for example a mail could be automatically sent from his computer to a rescuer, a script could delete sensitive files in his hard-disk or a certain Rick Astley song could be appropriately played
And I’m just imagining someone having set two duress passwords; one for kidnapping situations and one that they put there as a joke. And then they get kidnapped and they try to input the one supposed to call for help, but they misremember so they input the rickroll trigger instead.
And the kidnappers are like “hey what the hell, you think this is funny man? turn that off” and the kidnapped person cries for having messed up their one chance at calling for help.
There are some issues with nuvious' pam-duress that allow for untrusted string inputs when handling scripts with the system() call, and I sent a patch to them via e-mail in an attempt to highlight the issues and provide a basis for a better way to handle it.
Hey, just found that patch in my email. Will try to get that encoded into a formal issue on the project. If you have time yourself, feel free to do that or any other issue yourself. Also looking for 3rd-party reviews on the PRs I have open now and into the future.