mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-05 12:57:56 +00:00
Merge pull request #189 from dyne/fix-163
Detect plain swaps on encrypted partition (util-linux >= 2.22) or advise user to use -f (fixes #163)
commit
bc45882533
46
tomb
46
tomb
@ -278,6 +278,25 @@ _tmp_create() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Check if a block device is encrypted
|
||||||
|
# Synopsis: _is_encrypted_block /path/to/block/device
|
||||||
|
# Return 0 if it is an encrypted block device
|
||||||
|
_is_encrypted_block() {
|
||||||
|
local b=$1 # Path to a block device
|
||||||
|
local s="" # lsblk option -s (if available)
|
||||||
|
|
||||||
|
# Issue #163
|
||||||
|
# lsblk --inverse appeared in util-linux 2.22
|
||||||
|
# but --version is not consistent...
|
||||||
|
lsblk --help | grep -q '\-\-inverse'
|
||||||
|
[[ $? -eq 0 ]] && s="--inverse"
|
||||||
|
|
||||||
|
sudo lsblk $s -o type -n $b 2>/dev/null \
|
||||||
|
| egrep -q '^crypt$'
|
||||||
|
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
# Check if swap is activated
|
# Check if swap is activated
|
||||||
# Return 0 if NO swap is used, 1 if swap is used.
|
# Return 0 if NO swap is used, 1 if swap is used.
|
||||||
# Return 1 if any of the swaps is not encrypted.
|
# Return 1 if any of the swaps is not encrypted.
|
||||||
@ -293,35 +312,18 @@ _ensure_safe_swap() {
|
|||||||
swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
|
swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
|
||||||
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
||||||
|
|
||||||
for s in $=swaps; do
|
|
||||||
bone=$(_sudo file $s)
|
|
||||||
if [[ "$bone" =~ "swap file" ]]; then
|
|
||||||
# It's a regular (unencrypted) swap file
|
|
||||||
r=1
|
|
||||||
break
|
|
||||||
|
|
||||||
elif [[ "$bone" =~ "symbolic link" ]]; then
|
|
||||||
# Might link to a block
|
|
||||||
r=1
|
|
||||||
[[ "/dev/mapper" == "${s%/*}" ]] || { break }
|
|
||||||
is_crypt=$(_sudo dmsetup status "$s" | awk '/crypt/ {print $3}')
|
|
||||||
[[ $is_crypt == "crypt" ]] && { r=2 }
|
|
||||||
|
|
||||||
elif [[ "$bone" =~ "block special" ]]; then
|
|
||||||
# It's a block
|
|
||||||
r=1
|
|
||||||
is_crypt=`_sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
|
||||||
[[ $is_crypt == "crypt" ]] && { r=2 } || { break }
|
|
||||||
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
_message "An active swap partition is detected..."
|
_message "An active swap partition is detected..."
|
||||||
|
for s in $=swaps; do
|
||||||
|
{ _is_encrypted_block $s } && { r=2 } || { r=1; break }
|
||||||
|
done
|
||||||
|
|
||||||
if [[ $r -eq 2 ]]; then
|
if [[ $r -eq 2 ]]; then
|
||||||
_success "All your swaps are belong to crypt. Good."
|
_success "All your swaps are belong to crypt. Good."
|
||||||
else
|
else
|
||||||
_warning "This poses a security risk."
|
_warning "This poses a security risk."
|
||||||
_warning "You can deactivate all swap partitions using the command:"
|
_warning "You can deactivate all swap partitions using the command:"
|
||||||
_warning " swapoff -a"
|
_warning " swapoff -a"
|
||||||
|
_warning "[#163] I may not detect plain swaps on an encrypted volume."
|
||||||
_warning "But if you want to proceed like this, use the -f (force) flag."
|
_warning "But if you want to proceed like this, use the -f (force) flag."
|
||||||
fi
|
fi
|
||||||
return $r
|
return $r
|
||||||
|
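Review bot: In `_is_encrypted_block`, `egrep -q '^crypt$'` succeeds as soon as a single line of the lsblk output is `crypt`, so with `--inverse` a swap device backed by several devices (for example a volume spanning one encrypted and one plain device) would presumably be reported as encrypted although part of it is not. Because that result is what sets `r=2` in `_ensure_safe_swap`, the header comment should state the limit, e.g. `# Returns 0 if the device or ANY device it depends on has type crypt; mixed backing is not detected`. The lsblk call also passes `$b` unquoted: in zsh an empty value is dropped from the command line, lsblk then lists every block device, and any unrelated crypt mapping on the host makes the check pass. It also uses bare `sudo` where the loop removed by this commit used `_sudo`, so `_sudo lsblk $s -o type -n "$b" 2>/dev/null \` would address both, assuming `_sudo` is still defined elsewhere in the file. `_ensure_safe_swap` begins and ends outside the second hunk.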