From f4f8c4e024218d47cfee1a8467c53d7ce54b4acc Mon Sep 17 00:00:00 2001
From: Amin Mesbah <mesbah.amin@gmail.com>
Date: Sun, 12 Feb 2017 16:29:20 -0800
Subject: [PATCH 1/2] Add failing test for opening read-only tomb.

Adds a test function called test-open-read-only(). The test prepares a
tomb file, removes the "write" permissions from it, and then attempts to
open it with "read-only" mount options (`-o ro,noatime,nodev`).

The test currently fails as expected.
---
 extras/test/runtests | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/extras/test/runtests b/extras/test/runtests
index b664e9a..4c99a0e 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -56,7 +56,7 @@ command -v qrencode > /dev/null || QRENCODE=0
 
 
 typeset -A results
-tests=(dig forge lock badpass open close passwd chksum bind setkey)
+tests=(dig forge lock badpass open close openro passwd chksum bind setkey)
 { test $RESIZER = 1 } && { tests+=(resize) }
 { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
 { test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl) }
@@ -194,7 +194,32 @@ test-regression() {
 }
 
 
+test-open-read-only() {
 
+    notice "wiping all testro.tomb* in /tmp"
+    sudo rm -f /tmp/testro.tomb{,.key,.new.key}
+
+    # Create new
+    tt dig -s 20 /tmp/testro.tomb
+    tt forge /tmp/testro.tomb.key \
+        --ignore-swap --unsafe --tomb-pwd ${dummypass} --use-urandom
+    tt lock /tmp/testro.tomb -k /tmp/testro.tomb.key \
+        --ignore-swap --unsafe --tomb-pwd ${dummypass} 
+
+    notice "Testing open read only"
+
+    # Remove write privilege on test.tomb
+    chmod -w /tmp/testro.tomb
+
+    # Attempt to open the unwritable tomb with the read-only mount option
+    tt open /tmp/testro.tomb -k /tmp/testro.tomb.key \
+        --ignore-swap --unsafe --tomb-pwd ${dummypass} -o ro,noatime,nodev
+
+    { test $? = 0 } && {
+        results+=(openro SUCCESS)
+        tt close testro
+    }
+}
 
 
 startloops=(`sudo losetup -a |cut -d: -f1`)
@@ -227,8 +252,8 @@ tt close test
 
 { test $? = 0 } && { results+=(close SUCCESS) }
 
-
-
+# isolated function
+test-open-read-only
 
 
 notice "Testing changing tomb password"

From 70334f58fb254f430d744f94e13db0e3bc656268 Mon Sep 17 00:00:00 2001
From: Amin Mesbah <mesbah.amin@gmail.com>
Date: Sun, 12 Feb 2017 17:27:40 -0800
Subject: [PATCH 2/2] Skip writable check when mounting with "ro" option.

When opening a tomb file with "ro" passed through the -o option, the
writability check in is-valid-tomb() is skipped. This allows tomb files
to be opened without write permission.

test-open-read-only() now succeeds.
---
 tomb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tomb b/tomb
index cd286b1..71352c6 100755
--- a/tomb
+++ b/tomb
@@ -507,7 +507,8 @@ is_valid_tomb() {
 
     _fail=0
     # Tomb file must be a readable, writable, non-empty regular file.
-    [[ ! -w "$1" ]] && {
+    # If passed the "ro" mount option, the writable check is skipped.
+    [[ ! -w "$1" ]] && [[ $(option_value -o) != *"ro"* ]] && {
         _warning "Tomb file is not writable: ::1 tomb file::" $1
         _fail=1
     }