From 0e49dfc7a0c2e3efb507b61b2b4ad2f591dc1900 Mon Sep 17 00:00:00 2001
From: hellekin
Date: Mon, 16 Dec 2013 16:34:39 -0300
Subject: [PATCH 1/4] Detect non-partition swaps

---
 tomb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tomb b/tomb
index 948c427..7132d27 100755
--- a/tomb
+++ b/tomb
@@ -136,7 +136,7 @@ safe_filename() {
 check_swap() {
 # Return 0 if NO swap is used, 1 if swap is used
 # Return 2 if swap(s) is(are) used, but ALL encrypted
- local swaps=$(awk '/partition/ { print $1 }' /proc/swaps 2>/dev/null)
+ local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)
 [[ -z "$swaps" ]] && return 0 # No swap partition is active
 no "An active swap partition is detected, this poses security risks."
 no "You can deactivate all swap partitions using the command:"

From 7f2fd4d60c3f628678bc8d6cc1edc864b647a40d Mon Sep 17 00:00:00 2001
From: hellekin
Date: Mon, 16 Dec 2013 17:41:49 -0300
Subject: [PATCH 2/4] Support encrypted swap

---
 tomb | 44 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/tomb b/tomb
index 7132d27..af55923 100755
--- a/tomb
+++ b/tomb
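Review bot: The widened pattern `/^\//` now also picks up swap files (type `file` in /proc/swaps), but the two `no` lines that follow still talk only about an "active swap partition", so a user running a swapfile is told to deactivate a partition they do not have. Since `swapoff -a` covers files as well, only the wording needs to follow, e.g. `no "An active swap (partition or file) is detected, this poses security risks."` and `no "You can deactivate all swaps using the command:"`. The kernel writes spaces in swap paths as `\040`, so a path containing spaces would presumably be carried through literally by the awk selection; worth a comment if that case matters. check_swap continues below the hunk.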
@@ -138,11 +138,47 @@ check_swap() {
 # Return 2 if swap(s) is(are) used, but ALL encrypted
 local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)
 [[ -z "$swaps" ]] && return 0 # No swap partition is active
+ # Check whether all swaps are encrypted, and return 2
+ # If any of the swaps is not encrypted, we bail out and return 1.
+ ret=1
+ for s in $=swaps; do
+ bone=`sudo file $s`
+ if `echo "$bone" | grep 'swap file' &>/dev/null`; then
+ # It's a regular (unencrypted) swap file
+ ret=1
+ break
+ elif `echo "$bone" | grep 'symbolic link' &>/dev/null`; then
+ # Might link to a block
+ ret=1
+ if [ "/dev/mapper" = "${s%/*}" ]; then
+ is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
+ if [ "crypt" = "$is_crypt" ]; then
+ ret=2
+ fi
+ else
+ break
+ fi
+ elif `echo "$bone" | grep 'block special' &>/dev/null`; then
+ # Is a block
+ ret=1
+ is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
+ if [ "crypt" = "$is_crypt" ]; then
+ ret=2
+ else
+ break
+ fi
+ fi
+ done
 no "An active swap partition is detected, this poses security risks."
- no "You can deactivate all swap partitions using the command:"
- no " swapoff -a"
- no "But if you want to proceed like this, use the -f (force) flag."
- die "Operation aborted."
+ if [[ $ret -eq 2 ]]; then
+ yes "All your swaps are belong to crypt. Good."
+ else
+ no "You can deactivate all swap partitions using the command:"
+ no " swapoff -a"
+ no "But if you want to proceed like this, use the -f (force) flag."
+ die "Operation aborted."
+ fi
+ return $ret
 }

 # Ask user for a password

From 15517e0141522e4bfeb253bbf73dd31e337994d3 Mon Sep 17 00:00:00 2001
From: hellekin
Date: Mon, 16 Dec 2013 18:20:52 -0300
Subject: [PATCH 3/4] Support multiple swaps

---
 tomb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tomb b/tomb
index af55923..78a5e20 100755
--- a/tomb
+++ b/tomb
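Review bot: The loop can declare every swap encrypted while one is not, because `ret` is reset to 1 at the top of each branch and only some of the non-crypt paths `break`: a `/dev/mapper` symlink whose dm target is not `crypt` (an LVM swap volume, say) leaves `ret=1` and continues, and a later crypt swap then sets `ret=2`, so the verdict depends on the order of /proc/swaps. Output from `file` that matches none of the three patterns (missing `file`, a refused `sudo`, an odd path) has no branch at all and falls through with `ret` still holding the previous swap's result, which is the same default-open flaw. Both should fail closed: add `else break` to the inner crypt test of the symlink branch and a final `else ret=1; break` to the chain, as below. The `if \`echo "$bone" | grep ... &>/dev/null\`` idiom executes grep's discarded output as a command and relies on the substitution's exit status; `if echo "$bone" | grep -q 'swap file'; then` states the intent directly, and `ret`, `s`, `bone` and `is_crypt` should be `local` like `swaps` already is. check_swap's header sits above this hunk.
```shell
    ret=1
    for s in $=swaps; do
        bone=`sudo file $s`
        if `echo "$bone" | grep 'swap file' &>/dev/null`; then
            : # … unchanged: plain swap file, ret=1; break …
        elif `echo "$bone" | grep 'symbolic link' &>/dev/null`; then
            ret=1
            if [ "/dev/mapper" = "${s%/*}" ]; then
                is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
                if [ "crypt" = "$is_crypt" ]; then
                    ret=2
                else
                    break   # dm device that is not a crypt target: treat as unencrypted
                fi
            else
                break
            fi
        elif `echo "$bone" | grep 'block special' &>/dev/null`; then
            : # … unchanged: dmsetup status check, ret=2 or break …
        else
            ret=1   # unrecognised file(1) output: never inherit the previous swap's verdict
            break
        fi
    done
```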
@@ -136,7 +136,7 @@ safe_filename() {
 check_swap() {
 # Return 0 if NO swap is used, 1 if swap is used
 # Return 2 if swap(s) is(are) used, but ALL encrypted
- local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)
+ local swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
 [[ -z "$swaps" ]] && return 0 # No swap partition is active
 # Check whether all swaps are encrypted, and return 2
 # If any of the swaps is not encrypted, we bail out and return 1.

From 42a51c53fc3f3402bb35516b8c946f7e19ad21c0 Mon Sep 17 00:00:00 2001
From: hellekin
Date: Mon, 16 Dec 2013 18:23:10 -0300
Subject: [PATCH 4/4] Support encrypted swaps

---
 tomb | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/tomb b/tomb
index 78a5e20..f0b1c87 100755
--- a/tomb
+++ b/tomb
@@ -181,6 +181,22 @@ check_swap() {
 return $ret
 }

+# Wrapper to allow encrypted swap and remind the user about
+# possible data leaks to disk if swap is on, and not to be ignored
+_check_swap() {
+ if ! option_is_set -f && ! option_is_set --ignore-swap; then
+ check_swap
+ case $? in
+ 0|2) # No, or encrypted swap
+ return 0
+ ;;
+ *) # Unencrypted swap
+ return 1
+ ;;
+ esac
+ fi
+}
+
 # Ask user for a password
 ask_password() {
 # we use pinentry now
@@ -619,7 +635,7 @@ ask_key_password() {
 # change tomb key password
 change_passwd() {
 _message "Commanded to change password for tomb key $1"
- if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
+ _check_swap

 local keyfile="$1" # $1 is the tomb key path

@@ -991,6 +1007,8 @@ engrave_key() {
 forge_key() {
 xxx "forge_key()"

+ _check_swap
+
 # can be specified both as simple argument or using -k
 local destkey="$1"
 { option_is_set -k } && { destkey="`option_value -k`" }
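Review bot: `_check_swap` has no explicit result when `-f` or `--ignore-swap` is given: control falls off the `if` and the caller receives whatever status the shell assigns to an `if` whose condition was false, while the header comment promises a reminder about leaks that is never printed in that case. Add `return 0` after the closing `fi` and say what actually happens, e.g. `# With -f or --ignore-swap the swap check is skipped silently and 0 is returned.` The `*) return 1` arm is only reachable if `check_swap` comes back after calling `die`, which the patch-2 hunk suggests it does not; a one-line comment marking that arm as defensive would save the next reader a trip, and the callers in the following hunks discard the status anyway.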
@@ -1003,9 +1021,6 @@ forge_key() {
 _warning "Forging this key would overwrite an existing file. Operation aborted."
 die "`ls -lh $destkey`"
 }
- # if swap is on, we remind the user about possible data leaks to disk
- if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
-
 # create the keyfile in tmpfs so that we leave less traces in RAM
 local keytmp=`safe_dir forge`
 (( $? )) && die "error creating temp dir"
@@ -1084,9 +1099,7 @@ forge_key() {
 # taken from /dev/urandom which improves the tomb's overall security
 dig_tomb() {
 _message "Commanded to dig tomb $1"
-
- # if swap is on, we remind the user about possible data leaks to disk
- if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
+ _check_swap

 if ! [ $1 ]; then
 _warning "no tomb name specified for creation"
@@ -1249,7 +1262,7 @@ lock_tomb_with_key() {

 # This function changes the key that locks a tomb
 change_tomb_key() {
- if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
+ _check_swap

 { option_is_set -k } || { die "Specify the new key with -k" }
 newkey="`option_value -k`"
@@ -1370,8 +1383,7 @@ create_tomb() {
 # $1 = tombfile $2(optional) = mountpoint
 mount_tomb() {
 _message "Commanded to open tomb $1"
-
- if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
+ _check_swap

 if ! [ ${1} ]; then
 _warning "no tomb name specified for creation"