fixes to check_swap and new --force flag
Renamed the --ignore-swap flag to --force, which is more generic and also used by other commands. There are also some minor fixes to CMD parsing. All changes are documented in the manual and help.
parent
28d81f1004
commit
58decda7fe
25
doc/tomb.1
25
doc/tomb.1
@ -188,22 +188,23 @@ executes desktop applications as processes owned by the user.
|
||||
|
||||
.SH SWAP
|
||||
|
||||
During "create" and "open" operation, swap will complain and \fIabort\fR if
|
||||
your system has swap activated. This can be annoying, and you can disable this
|
||||
behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
|
||||
interested in knowing the risks of doing so:
|
||||
During "create", "open" and "passwd" operations, swap will complain
|
||||
and \fIabort if your system has swap activated\fR. You can disable
|
||||
this behaviour using the \fI--force\fR. Before doing that, however,
|
||||
you may be interested in knowing the risks of doing so:
|
||||
.IP \(bu
|
||||
During both creation and opening it could write your secret key on the disk
|
||||
During such operations a lack of available memory could cause the swap
|
||||
to write your secret key on the disk.
|
||||
.IP \(bu
|
||||
After having opened the tomb, an application you're using could swap file
|
||||
contents. So you'll put file contents in clear on your disk
|
||||
Even while using an opened tomb, another application could occupy too
|
||||
much memory so that the swap needs to be used, this way it is possible
|
||||
that some contents of files contained into the tomb are physically
|
||||
written on your disk, not encrypted.
|
||||
.P
|
||||
|
||||
If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
|
||||
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
|
||||
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
|
||||
--ignore-swap at your own risk
|
||||
|
||||
If you don't need swap, execute \fI swapoff -a\fR. If you really need
|
||||
it, you could make an encrypted swap it. Tomb doesn't detect if your
|
||||
swap is encrypted, and will complain anyway.
|
||||
|
||||
|
||||
.SH BUGS
|
||||
|
87
src/tomb
87
src/tomb
@ -206,21 +206,13 @@ check_swap() {
|
||||
# Return 2 if swap(s) is(are) used, but ALL encrypted
|
||||
local swaps=$(awk '/partition/ { print $1 }' /proc/swaps 2>/dev/null)
|
||||
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
||||
|
||||
local -i count
|
||||
xxx "check_swap $swaps"
|
||||
for dev in ${=swaps}
|
||||
do
|
||||
xxx "check_swap testing device $dev (count = $count)"
|
||||
sudo cryptsetup status ${dev} | grep 'active' &>/dev/null && count+=1
|
||||
done
|
||||
xxx "$count encrypted swap(s) [${(%w)#swaps} total]"
|
||||
(( ${count} == ${(%w)#swaps} )) && return 2 # All swap partitions are encrypted
|
||||
xxx "check_swap detected some unencrypted swap"
|
||||
(( ${#{=swaps}} )) && return 1 # Some unencrypted swap partition(s)
|
||||
xxx "check_swap should never reach here"
|
||||
return 0 # No swap partition is active
|
||||
no "An active swap partition is detected, this poses security risks."
|
||||
no "You can deactivate all swap partitions using the command:"
|
||||
no " swapoff -a"
|
||||
no "But if you want to proceed like this, use the --force flag."
|
||||
die "Operation aborted."
|
||||
}
|
||||
|
||||
# }}}
|
||||
# {{{ - Ask user for a password
|
||||
# we use pinentry now
|
||||
@ -320,6 +312,7 @@ Options:
|
||||
-k path to the key to use for opening a tomb
|
||||
-n don't process the hooks found in tomb
|
||||
-o mount options used to open (default: rw,noatime,nodev)
|
||||
-f force operation (i.e. even if swap is active)
|
||||
|
||||
-h print this help
|
||||
-v version information for this tool
|
||||
@ -568,14 +561,9 @@ exec_safe_post_hooks() {
|
||||
# {{{ - Create
|
||||
|
||||
create_tomb() {
|
||||
if ! option_is_set --ignore-swap && [[ `check_swap out` == 1 ]]; then
|
||||
_warning "You have swap activated; use --ignore-swap if you want to skip this check"
|
||||
_message "Using encryption with swap activated is very bad, because some files, or even your secret key, could be written on hard disk."
|
||||
_message "However, it could be that your swap is encrypted. If this is case, this is ok. Then, use --ignore-swap to skip this check"
|
||||
_message "You seem to be using `tail -n +2 /proc/swaps|wc -l` swaps:"
|
||||
tail -n +2 /proc/swaps
|
||||
exit 1
|
||||
fi
|
||||
_message "Commanded to create tomb $CMD2"
|
||||
if ! option_is_set --force; then check_swap; fi
|
||||
|
||||
if ! [ ${CMD2} ]; then
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
@ -588,10 +576,9 @@ create_tomb() {
|
||||
tombfile=${tombname}.tomb
|
||||
tombsize=$opts[-s]
|
||||
|
||||
if [[ $tombsize != <-> ]]; then
|
||||
_warning "Size is not an integer"
|
||||
return 1
|
||||
fi
|
||||
[ $tombsize ] || die "Size argument missing, use --size"
|
||||
|
||||
[[ $tombsize != <-> ]] && die "Size argument is not an integer"
|
||||
|
||||
if [ -e ${tombdir}/${tombfile} ]; then
|
||||
_warning "tomb exists already. I'm not digging here:"
|
||||
@ -749,14 +736,8 @@ create_tomb() {
|
||||
|
||||
mount_tomb() {
|
||||
_message "Commanded to open tomb $CMD2"
|
||||
if ! option_is_set --ignore-swap && [[ `check_swap out` == 1 ]]; then
|
||||
_warning "You have swap activated; use --ignore-swap if you want to skip this check"
|
||||
_message "Using encryption with swap activated is very bad, because some files, or even your secret key, could be written on hard disk."
|
||||
_message "However, it could be that your swap is encrypted. If this is case, this is ok. Then, use --ignore-swap to skip this check"
|
||||
_message "You seem to be using `tail -n +2 /proc/swaps|wc -l` swaps:"
|
||||
tail -n +2 /proc/swaps
|
||||
die "I'm stopping now."
|
||||
fi
|
||||
if ! option_is_set --force; then check_swap; fi
|
||||
|
||||
if ! [ ${CMD2} ]; then
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
@ -1058,15 +1039,10 @@ umount_tomb() {
|
||||
|
||||
# change tomb key password
|
||||
change_passwd() {
|
||||
if ! option_is_set --ignore-swap && [[ `check_swap out` == 1 ]]; then
|
||||
_warning "You have swap activated; use --ignore-swap if you want to skip this check"
|
||||
_message "Using encryption with swap activated is very bad, because some files, or even your secret key, could be written on hard disk."
|
||||
_message "However, it could be that your swap is encrypted. If this is case, this is ok. Then, use --ignore-swap to skip this check"
|
||||
_message "You seem to be using `tail -n +2 /proc/swaps|wc -l` swaps:"
|
||||
tail -n +2 /proc/swaps
|
||||
return 1
|
||||
fi
|
||||
local keyfile="${1}"
|
||||
_message "Commanded to change password for tomb key $CMD2"
|
||||
if ! option_is_set --force; then check_swap; fi
|
||||
|
||||
local keyfile="$CMD2"
|
||||
|
||||
# check the keyfile
|
||||
if ! [ -r $keyfile ]; then
|
||||
@ -1164,7 +1140,7 @@ change_passwd() {
|
||||
# {{{ - List
|
||||
# list all tombs mounted in a readable format
|
||||
list_tombs() {
|
||||
if [ $1 ]; then
|
||||
if [ $CMD2 ]; then
|
||||
# list a specific tomb
|
||||
mounted_tombs=`mount -l |
|
||||
awk -vtomb="[$1]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'`
|
||||
@ -1181,7 +1157,7 @@ list_tombs() {
|
||||
|
||||
if ! [ $mounted_tombs ]; then
|
||||
if [ $1 ]; then
|
||||
die "There seems to be no open tomb engraved as [${1}]"
|
||||
die "There seems to be no open tomb engraved as [$CMD2]"
|
||||
else
|
||||
die "I can't see any open tomb, may they all rest in peace."
|
||||
fi
|
||||
@ -1420,22 +1396,29 @@ option_value() {
|
||||
main() {
|
||||
local -A subcommands_opts
|
||||
### Options configuration
|
||||
#Hi, dear developer! Are you trying to add a new subcommand, or to add some options?
|
||||
#Well, keep in mind that:
|
||||
# 1. An option CAN'T have differente meanings/behaviour in different subcommands.
|
||||
|
||||
# Hi, dear developer! Are you trying to add a new subcommand, or
|
||||
# to add some options? Well, keep in mind that an option CAN'T
|
||||
# have differente meanings/behaviour in different subcommands.
|
||||
|
||||
# For example, "-s" means "size" and accept an argument. If you are tempted to add
|
||||
# an option "-s" (that means, for example "silent", and doesn't accept an argument)
|
||||
# DON'T DO IT!
|
||||
|
||||
# There are two reasons for that:
|
||||
# I. usability; user expect that "-s" is "size
|
||||
# I. usability; user expect that "-s" is "size"
|
||||
# II. Option parsing WILL EXPLODE if you do this kind of bad things
|
||||
# (it will say "option defined more than once, and he's right")
|
||||
#
|
||||
# If you want to use the same option in multiple commands then
|
||||
# you can only use the non-abbreviated long-option version like:
|
||||
# -force and NOT -f
|
||||
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v -no-color)
|
||||
subcommands_opts[__default]=""
|
||||
subcommands_opts[open]="n -nohook=n k: -key=k o: -mount-options=o -ignore-swap"
|
||||
subcommands_opts[open]="n -nohook=n k: -key=k o: -mount-options=o -force"
|
||||
subcommands_opts[mount]=${subcommands_opts[open]}
|
||||
subcommands_opts[create]="s: -size=s -ignore-swap k: -key=k"
|
||||
subcommands_opts[passwd]="-ignore-swap"
|
||||
subcommands_opts[create]="s: -size=s -force k: -key=k"
|
||||
subcommands_opts[passwd]="-force"
|
||||
subcommands_opts[close]=""
|
||||
subcommands_opts[help]=""
|
||||
subcommands_opts[slam]=""
|
||||
|
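Review bot: In the list_tombs hunk the condition is changed to `if [ $CMD2 ]; then`, but the awk filter a few lines below in the same hunk still reads `awk -vtomb="[$1]"`, so a lookup for a named tomb filters on a positional argument that the new CMD2 convention appears no longer to pass and will fall through to the "no open tomb engraved as [$CMD2]" message; it should become `awk -vtomb="[$CMD2]"`. In the check_swap hunk the retained header comment `# Return 2 if swap(s) is(are) used, but ALL encrypted` no longer describes the new body, which returns 0 when no swap partition is active and otherwise prints the `no` lines and dies, so it should be reworded to `# die if any swap partition is active, otherwise return 0`; note also that the `awk '/partition/ ...' /proc/swaps` line only selects entries whose type is "partition", so a swap entry of type "file" would pass this check unnoticed, and matching every non-header line (`NR>1 { print $1 }`) would cover both. The help hunk adds `-f force operation (i.e. even if swap is active)`, while the option tables in main register only `-force` for open/create/passwd and the new comment there states that a short option cannot be shared across subcommands, so the help line should document `--force` rather than `-f`. The messages in check_swap use `no` whereas the surrounding hunks use `_warning`/`_message`; presumably `no` is a helper defined elsewhere in the file, but it would be worth confirming. Each of the functions touched here (check_swap, list_tombs, main) starts or ends outside its hunk.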