mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 02:28:58 +00:00
Use print for non-escaped piping of secret
after fixing issue #154 with echo here we revert to using print with options -R -n which sort the same effect. Print is preferred since it executes the built-in command without any possible ambiguity. We don't want to expose secrets to an external executable in case of a simple attack that would change the env PATH to use a rootkitted echo.
This commit is contained in:
parent
489b3582cb
commit
b7f4e3a7fd
2
tomb
2
tomb
@ -979,7 +979,7 @@ ask_key_password() {
|
||||
# call cryptsetup with arguments using the currently known secret
|
||||
# echo flags eliminate newline and disable escape (BSD_ECHO)
|
||||
_cryptsetup() {
|
||||
echo -n -E - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
|
||||
print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
|
||||
return $?
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user