Enforce safe SHM and no, or only encrypted swap

This commit is contained in:
hellekin 2011-12-01 20:41:04 +01:00
parent 7aff877fda
commit d0e44bb264

110
src/tomb

@ -150,45 +150,83 @@ check_bin() {
# }}}
# {{{ - "SAFE" FUNCTIONS
# {{{ - Create a directory with caution
_have_shm() {
# Check availability of 1MB of SHM
xxx "_have_shm 0 We need only 1 MB of RAM"
[[ -k /dev/shm ]] || return 1
local -i SHM RAM
SHM=$(df -k -B 4K -a -t tmpfs /dev/shm | awk '/\/dev\/shm/ { print $4; }')
(( $? )) && return 1
xxx "_have_shm 1 SHM $SHM KB are available"
RAM=$(awk '/MemFree/ { print $2 }' /proc/meminfo)
xxx "_have_shm 2 RAM $RAM KB are free"
(( $RAM >= 1024 )) && return 0
xxx "_have_shm 3 RAM $RAM KB left only :("
# Now we have more RAM than affected to SHM, so we can expect some for our little needs.
# Does that work when SHM is disabled from kernel config?
return 1
}
safe_dir() {
which mktemp &> /dev/null
if [[ $? = 0 ]]; then
# Try and create our temporary directory in RAM
# Note that there's no warranty the underlying FS won't swap
# every 5 seconds (e.g., ext3)
local -i tries
while (( $tries < 3 )) ; do
tries+=1
if _have_shm; then
xxx "safe_dir creating directory in RAM"
if (( $MKTEMP )); then
mktemp -d /dev/shm/$1.$$.XXXXXXX
return
fi
dir="/dev/shm/$1.$$.$RANDOM.$RANDOM"
(umask 077 && mkdir "$dir") || print "-1"
else
dir="/dev/shm/$1.$$.$RANDOM$RANDOM"
mkdir -m 0700 -p "$dir"
print "$dir"
fi
return 0
else
_warning "WARNING: we cannot ensure we're running in RAM."
xxx "Wait a bit before retrying... (attempt $tries)"
sync && sleep 0.5
fi
done
_warning "WARNING: no RAM available for me to run safely."
return 1
}
# }}}
# {{{ - Create a file with caution
safe_file() {
local tmpdir tmpfile
if [ "$MKTEMP" = "1" ]; then
mktemp -u /dev/shm/$1.$$.XXXXXXX
# this return needs to output ONLY the file
else
tmpfile="/dev/shm/$1.$$.$RANDOM.$RANDOM"
print $tmpfile
fi
# {{{ - Provide a random filename in shared memory
safe_filename() {
_have_shm || die "No access to shared memory on this system, sorry."
(( $MKTEMP )) && \
mktemp -u /dev/shm/$1.$$.XXXXXXX || \
print "/dev/shm/$1.$$.$RANDOM$RANDOM"
}
# }}}
# {{{ - Check if swap is activated
check_swap() {
# Return 0 if NO swap is used, 1 if swap is used
# TODO: it should return 2 if swap is used, but encrypted
nlines=$(wc -l /proc/swaps|cut -f1 -d ' ')
if [[ $nlines -gt 1 ]]; then
r=1
else
#and return 2
r=0
fi
if [[ $1 == out ]]; then
echo $r;
fi
return $r;
# Return 2 if swap(s) is(are) used, but ALL encrypted
local swaps=$(awk '/partition/ { print $1 }' /proc/swaps 2>/dev/null)
[[ -z "$swaps" ]] && return 0 # No swap partition is active
local -i count
xxx "check_swap $swaps"
for dev in ${=swaps}
do
xxx "check_swap testing device $dev (count = $count)"
sudo cryptsetup status ${dev} | grep 'active' &>/dev/null && count+=1
done
xxx "$count encrypted swap(s) [${(%w)#swaps} total]"
(( ${count} == ${(%w)#swaps} )) && return 2 # All swap partitions are encrypted
xxx "check_swap detected some unencrypted swap"
(( ${#{=swaps}} )) && return 1 # Some unencrypted swap partition(s)
xxx "check_swap should never reach here"
return 0 # No swap partition is active
}
# }}}
# {{{ - Ask user for a password
@ -467,6 +505,7 @@ print "-----END PGP MESSAGE-----"
# }}}
# {{{ - HOOK HELPERS
# {{{ - Execute Bind Hooks
exec_safe_bind_hooks() {
if [[ -n ${(k)opts[-o]} ]]; then
MOUNTOPTS=${opts[-o]}
@ -509,6 +548,7 @@ exec_safe_bind_hooks() {
fi
done
}
# }}}
# {{{ - POST-MOUNT HOOKS
exec_safe_post_hooks() {
@ -602,9 +642,9 @@ create_tomb() {
# create the keyfile in tmpfs so that we leave less traces in RAM
keytmp=`safe_dir tomb`
if [ "$keytmp" = "-1" ]; then
die "error creating temp dir"
fi
(( $? )) && die "error creating temp dir"
xxx "safe_dir at $keytmp"
#rm -f $keytmp
# ?????? creo, cancello e ricreo ??????
#mkdir -p $keytmp
@ -1050,8 +1090,8 @@ change_passwd() {
local tmpnewkey tmpoldkey c tombpass tombpasstmp
tmpnewkey=`safe_file tomb`
tmpoldkey=`safe_file tomb`
tmpnewkey=`safe_filename tomb`
tmpoldkey=`safe_filename tomb`
_success "Changing password for $keyfile"
keyname=`basename $keyfile`
@ -1070,7 +1110,7 @@ change_passwd() {
if [ "$tombpass" != "ok" ]; then
_warning "You typed an Invalid old password. Operation aborted."
# /dev/null because the file cannot exists
# /dev/null because the file may not exist
${=WIPE} "${tmpnewkey}" 2> /dev/null
${=WIPE} "${tmpoldkey}" 2> /dev/null
return 1