mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 10:38:59 +00:00
Use print for non-escaped piping of secret
after fixing issue #154 with echo here we revert to using print with options -R -n which sort the same effect. Print is preferred since it executes the built-in command without any possible ambiguity. We don't want to expose secrets to an external executable in case of a simple attack that would change the env PATH to use a rootkitted echo.
This commit is contained in:
parent
489b3582cb
commit
b7f4e3a7fd
2
tomb
2
tomb
@ -979,7 +979,7 @@ ask_key_password() {
|
|||||||
# call cryptsetup with arguments using the currently known secret
|
# call cryptsetup with arguments using the currently known secret
|
||||||
# echo flags eliminate newline and disable escape (BSD_ECHO)
|
# echo flags eliminate newline and disable escape (BSD_ECHO)
|
||||||
_cryptsetup() {
|
_cryptsetup() {
|
||||||
echo -n -E - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
|
print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user