Enforce safe SHM and no, or only encrypted swap

2024-11-04 20:37:55 +00:00 · 2011-12-01 20:41:04 +01:00 · 2011-12-01 20:41:04 +01:00 · d0e44bb264
commit d0e44bb264
parent 7aff877fda
1 changed files with 77 additions and 37 deletions
--- a/src/tomb
+++ b/src/tomb
@ -150,45 +150,83 @@ check_bin() {
 # }}}
 # {{{ - "SAFE" FUNCTIONS
 # {{{   - Create a directory with caution
+
+_have_shm() {
+    # Check availability of 1MB of SHM
+    xxx "_have_shm 0 We need only 1 MB of RAM"
+    [[ -k /dev/shm ]] || return 1
+
+    local -i SHM RAM
+
+    SHM=$(df -k -B 4K -a -t tmpfs /dev/shm | awk '/\/dev\/shm/ { print $4; }')
+    (( $? )) && return 1
+    xxx "_have_shm 1 SHM $SHM KB are available"
+
+    RAM=$(awk '/MemFree/ { print $2 }' /proc/meminfo)
+    xxx "_have_shm 2 RAM $RAM KB are free"
+    (( $RAM >= 1024 )) && return 0
+
+    xxx "_have_shm 3 RAM $RAM KB left only :("
+    # Now we have more RAM than affected to SHM, so we can expect some for our little needs.
+    # Does that work when SHM is disabled from kernel config?
+    return 1
+}
+
 safe_dir() {
-    which mktemp &> /dev/null
-    if [[ $? = 0 ]]; then
-        mktemp -d /dev/shm/$1.$$.XXXXXXX
-        return
-    fi
-    dir="/dev/shm/$1.$$.$RANDOM.$RANDOM"
-    (umask 077 && mkdir "$dir") || print "-1"
-    print "$dir"
+    # Try and create our temporary directory in RAM
+    # Note that there's no warranty the underlying FS won't swap
+    # every 5 seconds (e.g., ext3)
+    local -i tries
+    while (( $tries < 3 )) ; do
+	tries+=1
+	if _have_shm; then
+	    xxx "safe_dir creating directory in RAM"
+	    if (( $MKTEMP )); then
+		mktemp -d /dev/shm/$1.$$.XXXXXXX
+	    else
+   		dir="/dev/shm/$1.$$.$RANDOM$RANDOM"
+		mkdir -m 0700 -p "$dir"
+		print "$dir"
+	    fi
+	    return 0
+	else
+	    _warning "WARNING: we cannot ensure we're running in RAM."
+ 	         xxx "Wait a bit before retrying... (attempt $tries)"
+	    sync && sleep 0.5
+	fi
+    done
+    _warning "WARNING: no RAM available for me to run safely."
+    return 1
 }
 # }}}
-# {{{   - Create a file with caution
-safe_file() {
-    local tmpdir tmpfile
-
-    if [ "$MKTEMP" = "1" ]; then
-        mktemp -u /dev/shm/$1.$$.XXXXXXX
-        # this return needs to output ONLY the file
-    else
-	tmpfile="/dev/shm/$1.$$.$RANDOM.$RANDOM"
-	print $tmpfile
-    fi
+# {{{   - Provide a random filename in shared memory
+safe_filename() {
+    _have_shm || die "No access to shared memory on this system, sorry."
+    (( $MKTEMP )) && \
+	mktemp -u /dev/shm/$1.$$.XXXXXXX || \
+	print "/dev/shm/$1.$$.$RANDOM$RANDOM"
 }
 # }}}
 # {{{   - Check if swap is activated
 check_swap() {
    # Return 0 if NO swap is used, 1 if swap is used
-    # TODO: it should return 2 if swap is used, but encrypted
-    nlines=$(wc -l /proc/swaps|cut -f1 -d ' ')
-    if [[ $nlines -gt 1 ]]; then
-        r=1
-    else
-        #and return 2
-        r=0
-    fi
-    if [[ $1 == out ]]; then
-        echo $r;
-    fi
-    return $r;
+    # Return 2 if swap(s) is(are) used, but ALL encrypted
+    local swaps=$(awk '/partition/ { print $1 }' /proc/swaps 2>/dev/null)
+    [[ -z "$swaps" ]] && return 0                # No swap partition is active
+
+    local -i count
+    xxx "check_swap $swaps"
+    for dev in ${=swaps}
+    do
+	xxx "check_swap testing device $dev (count = $count)"
+	sudo cryptsetup status ${dev} | grep 'active' &>/dev/null && count+=1
+    done
+    xxx "$count encrypted swap(s) [${(%w)#swaps} total]"
+    (( ${count} == ${(%w)#swaps} )) && return 2  # All swap partitions are encrypted
+    xxx "check_swap detected some unencrypted swap"
+    (( ${#{=swaps}} )) && return 1               # Some unencrypted swap partition(s)
+    xxx "check_swap should never reach here"
+    return 0                                     # No swap partition is active
 }
 # }}}
 # {{{   - Ask user for a password
@ -467,6 +505,7 @@ print "-----END PGP MESSAGE-----"
 # }}}
 # {{{ - HOOK HELPERS
 # {{{   - Execute Bind Hooks
+
 exec_safe_bind_hooks() {
    if [[ -n ${(k)opts[-o]} ]]; then
        MOUNTOPTS=${opts[-o]}
@ -509,6 +548,7 @@ exec_safe_bind_hooks() {
 	fi
    done
 }
+
 # }}}
 # {{{   - POST-MOUNT HOOKS
 exec_safe_post_hooks() {
@ -602,9 +642,9 @@ create_tomb() {

    # create the keyfile in tmpfs so that we leave less traces in RAM
    keytmp=`safe_dir tomb`
-    if [ "$keytmp" = "-1" ]; then
-	die "error creating temp dir" 
-    fi
+    (( $? )) && die "error creating temp dir"
+    xxx "safe_dir at $keytmp"
+
    #rm -f $keytmp
    # ?????? creo, cancello e ricreo ??????
    #mkdir -p $keytmp
@ -1050,8 +1090,8 @@ change_passwd() {

    local tmpnewkey tmpoldkey c tombpass tombpasstmp

-    tmpnewkey=`safe_file tomb`
-    tmpoldkey=`safe_file tomb`
+    tmpnewkey=`safe_filename tomb`
+    tmpoldkey=`safe_filename tomb`

    _success "Changing password for $keyfile"
    keyname=`basename $keyfile`
@ -1070,7 +1110,7 @@ change_passwd() {

    if [ "$tombpass" != "ok" ]; then
        _warning "You typed an Invalid old password. Operation aborted."
-        # /dev/null because the file cannot exists
+        # /dev/null because the file may not exist
        ${=WIPE} "${tmpnewkey}" 2> /dev/null
        ${=WIPE} "${tmpoldkey}" 2> /dev/null
        return 1