Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-28 12:49:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use print for non-escaped piping of secret

Browse Source 
after fixing issue #154 with echo here we revert to using print with
options -R -n which sort the same effect. Print is preferred since it
executes the built-in command without any possible ambiguity. We don't
want to expose secrets to an external executable in case of a simple
attack that would change the env PATH to use a rootkitted echo.
This commit is contained in:
Jaromil 2014-11-20 15:53:45 +01:00
parent 489b3582cb
commit b7f4e3a7fd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tomb
View File

@ -979,7 +979,7 @@ ask_key_password() {
# call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() {
echo -n -E - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
return $?
}