Merge pull request #189 from dyne/fix-163
Detect plain swaps on encrypted partition (util-linux >= 2.22) or advise user to use -f (fixes #163)
commit
bc45882533
46
tomb
46
tomb
@ -278,6 +278,25 @@ _tmp_create() {
|
||||
return 0
|
||||
}
|
||||
|
||||
# Check if a block device is encrypted
|
||||
# Synopsis: _is_encrypted_block /path/to/block/device
|
||||
# Return 0 if it is an encrypted block device
|
||||
_is_encrypted_block() {
|
||||
local b=$1 # Path to a block device
|
||||
local s="" # lsblk option -s (if available)
|
||||
|
||||
# Issue #163
|
||||
# lsblk --inverse appeared in util-linux 2.22
|
||||
# but --version is not consistent...
|
||||
lsblk --help | grep -q '\-\-inverse'
|
||||
[[ $? -eq 0 ]] && s="--inverse"
|
||||
|
||||
sudo lsblk $s -o type -n $b 2>/dev/null \
|
||||
| egrep -q '^crypt$'
|
||||
|
||||
return $?
|
||||
}
|
||||
|
||||
# Check if swap is activated
|
||||
# Return 0 if NO swap is used, 1 if swap is used.
|
||||
# Return 1 if any of the swaps is not encrypted.
|
||||
@ -293,35 +312,18 @@ _ensure_safe_swap() {
|
||||
swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
|
||||
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
||||
|
||||
for s in $=swaps; do
|
||||
bone=$(_sudo file $s)
|
||||
if [[ "$bone" =~ "swap file" ]]; then
|
||||
# It's a regular (unencrypted) swap file
|
||||
r=1
|
||||
break
|
||||
|
||||
elif [[ "$bone" =~ "symbolic link" ]]; then
|
||||
# Might link to a block
|
||||
r=1
|
||||
[[ "/dev/mapper" == "${s%/*}" ]] || { break }
|
||||
is_crypt=$(_sudo dmsetup status "$s" | awk '/crypt/ {print $3}')
|
||||
[[ $is_crypt == "crypt" ]] && { r=2 }
|
||||
|
||||
elif [[ "$bone" =~ "block special" ]]; then
|
||||
# It's a block
|
||||
r=1
|
||||
is_crypt=`_sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
||||
[[ $is_crypt == "crypt" ]] && { r=2 } || { break }
|
||||
|
||||
fi
|
||||
done
|
||||
_message "An active swap partition is detected..."
|
||||
for s in $=swaps; do
|
||||
{ _is_encrypted_block $s } && { r=2 } || { r=1; break }
|
||||
done
|
||||
|
||||
if [[ $r -eq 2 ]]; then
|
||||
_success "All your swaps are belong to crypt. Good."
|
||||
else
|
||||
_warning "This poses a security risk."
|
||||
_warning "You can deactivate all swap partitions using the command:"
|
||||
_warning " swapoff -a"
|
||||
_warning "[#163] I may not detect plain swaps on an encrypted volume."
|
||||
_warning "But if you want to proceed like this, use the -f (force) flag."
|
||||
fi
|
||||
return $r
|
||||
|
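Review bot: `_is_encrypted_block` returns 0 as soon as any line of the `lsblk` output is `crypt`, so with `--inverse` a swap stacked on several devices (for example an LVM volume spanning one encrypted and one plain disk) would presumably be accepted although one leg is written in clear, and `_ensure_safe_swap` would then print the "belong to crypt" success message. If a stricter walk over every parent chain is out of scope, the limit should at least be stated above the function, e.g. `# Returns 0 if ANY device in the lsblk chain is of type crypt; mixed stacks are not detected`. The call also uses bare `sudo` where the other privileged calls on this page go through `_sudo`, and it leaves `$b` unquoted; I would write `_sudo lsblk $s -o type -n "$b" 2>/dev/null | grep -Eq '^crypt$'` and drop the redundant `return $?`. `_ensure_safe_swap` starts and ends outside the second hunk, so how `-f` overrides the returned `$r` is not visible here.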