Commit Graph

256 Commits

Author SHA1 Message Date
Jaromil
eada0538c9 Delete mountpoint when tomb is closed (fix #149)
two bugs were left behind by the last refactoring, one about
consistency of the mountpoint naming (now using $TOMBNAME everywhere,
without the added .tomb extension as per #180), the other about a
missing _sudo to prefix rmdir commands.

Test suite has been updated accordingly.

This fix introduces a mandatory condition for the next update: all
tombs must be closed when upgrading the tomb script, else it will not
be able to correctly close them.
2015-06-26 11:47:19 +02:00
Jim Turner
1dff3676ce Remove inaccurate comment 2015-03-01 02:17:48 -05:00
Jim Turner
1919b29c1f Remove unused variable 2015-03-01 02:17:48 -05:00
hellekin
8aa1c0c6a5 Clarify code and documentation (thanks @boyska) 2015-02-21 23:04:50 -03:00
boyska
5f3ec68c38 FIX kdf iteration count 2015-02-20 19:03:21 +01:00
hellekin
fe504e4a19 Remove tabs 2015-02-20 11:42:49 +01:00
hellekin
8233278ce0 Remove leftover and notify #163 :) 2015-02-20 11:42:49 +01:00
hellekin
bad0173352 Simplify patch 2015-02-20 11:42:49 +01:00
hellekin
e4afe6aefa Recover legacy code for systems using util-linux < 2.22 2015-02-20 11:42:49 +01:00
hellekin
de418d00c9 Add detection of plain swap on encrypted volumes. (Fixes #163)
Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.

Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
2015-02-20 11:42:49 +01:00
Jaromil
ec5d72ae9a TODO updates and a small comment correction 2015-02-20 11:40:45 +01:00
Jim Turner
346a31ac5b Remove redundant test for $DISPLAY
This block is already wrapped in the `else` block of the same test for
the `$DISPLAY` variable, so this test is redundant.
2015-02-17 23:01:46 -05:00
Jim Turner
030704f5f3 Remove outdated error message
Commit 5dbcabdf26 removed the `chown` call
in `_tmp_create()` but not the associated error message. This commit
removes that error message since it is just dead code.
2015-02-17 01:33:29 -05:00
Jaromil
2598c11893 avoid enforcing .tomb extension to allow better deniability, fix #180 2015-02-08 17:41:01 +00:00
Jaromil
15ff5abe61 Sudo prompt for password made more visible to distinguish from other password prompts, addressing #171 2015-02-08 17:33:10 +00:00
Jaromil
46583fa445 tidying up the documentation 2015-01-30 02:00:07 +01:00
Jaromil
181103bc56 Make pinentry work even if LANG env var is not set (default to C, fix #188) 2015-01-29 18:11:25 +01:00
Jaromil
90e46854bc handle failure in load_key when key is not retrieved from stdin 2015-01-27 17:31:09 +01:00
Jaromil
ca012e8744 supports default mount also on /run/media/jrml (udisk2 compat). minor cleanups to default mountpoint generation. fix #186 2015-01-21 12:17:09 +01:00
Jaromil
4788ee6834 Avoid proceeding to umount if a bind_mount is busy and close is not slamming. 2015-01-17 02:29:57 +01:00
Jaromil
88c51f89f0 Improved validity check on tomb file. Introduces use of zsh/stat module 2015-01-17 02:14:38 +01:00
Jaromil
9b0364d34c preserve current GTK-2.0 theme when using pinentry-gtk-2 (fix #185) 2015-01-13 10:46:53 +01:00
Daniel "GDrooid" Rodriguez
30669bb9fa Use spaces instead of tabs. 2015-01-09 17:33:07 +01:00
Daniel "GDrooid" Rodriguez
bd7300aa3e Update .po files and fix typo in tomb executable. 2015-01-09 17:11:14 +01:00
Jaromil
d8c5cd24d1 better checks on file creation, both on dig and forge 2015-01-04 21:02:27 +01:00
hellekin
1068033e93 Address non-zero exit code on mount attempt 2014-12-27 08:13:15 -03:00
hellekin
45c5b53cc4 Restore -o and make explicit it means 'options local to subcommand' (Closes #182) 2014-12-26 23:42:58 -03:00
hellekin
f1c6245c80 Honor mount options (fixes #181) and disambiguate -o (fixes #182) 2014-12-26 20:54:51 -03:00
Jaromil
c56bd74e22 minor versioning 2014-12-25 02:48:49 +01:00
Jaromil
d88fd5c9cb release versioning 2014-12-21 22:08:32 +01:00
Jaromil
c436b76a85 typo fix for gpg 1.4.11 affecting mint 13 and ubuntu 12, closes #175 2014-12-21 21:51:15 +01:00
hellekin
b0c63ebf12 lapsus: not _notice, but _message 2014-11-27 13:40:58 -03:00
hellekin
29040b2d7f Replace tab with spaces 2014-11-27 13:01:35 -03:00
hellekin
f7ea486e13 Remove extra space and split message for accuracy (fixes #170) 2014-11-27 12:47:12 -03:00
Jaromil
0d690bf142 documentation and makefile scripts updates for release 2014-11-26 20:28:28 +01:00
gdrooid
de65325fc3 [i18n] Don't localize legal output. 2014-11-26 19:35:47 +01:00
Jaromil
bbe9a49ec3 Direct handling of pinentry execution
We skip distro wrappers here since they interfere with stdin/out
As usual: better to have less intermediaries.
2014-11-26 17:45:31 +01:00
Jaromil
7a8a8666ba addressing comments on last commit with a few fixes 2014-11-26 17:25:47 +01:00
gdrooid
47652747c3 [l10n] Update pot file. 2014-11-25 22:51:33 +01:00
Jaromil
f218c644ab KDF key handling cleanup 2014-11-25 03:25:27 +01:00
Jaromil
5dbcabdf26 Removed old privilege escalation model
This commit refactors the handling of password input by eliminating
all intermediary programs and relying only on ZSh, hence improving
overall security against rootkits and such.

Also the way sudo is used is now greatly simplified and there is no
privilege escalation at boot: sudo is executed inside Tomb by being
prefixed in front of those programs needing it.

All tests passed.
2014-11-25 02:37:05 +01:00
Jaromil
e6075d08ce really fail to not overwrite keys when forging 2014-11-24 20:06:45 +01:00
gdrooid
fb686db8eb Finished fixing #164 2014-11-24 17:02:30 +01:00
gdrooid
a46da1cc23 Fix #164 2014-11-23 22:47:03 +01:00
Jaromil
a6a784f1ef swish-e indexing change and whoami cleanup
swish-e now creates a .swishrc config file inside the tomb so that
users can tweak its configuration by hand.
whoami() is also cleaned up, pending a fix for slackware usage.
2014-11-23 21:53:44 +01:00
Jaromil
2480c89210 small security measure against exporting all vars 2014-11-23 18:26:06 +01:00
Jaromil
99581a5faa whitespace cleanup and correct indentation to 4 spaces (no tabs) 2014-11-23 18:25:42 +01:00
Jaromil
aba0fa5191 Avoid using a tempfile on every key decryption
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
2014-11-23 16:58:43 +01:00
Jaromil
c0bd822312 fix for #165 2014-11-23 16:27:09 +01:00
Jaromil
a10d6af804 Removed handling of temporary directory
Added the --tmp flag for manual selection of the temporary directory, whose security should really be up to sysadmins when configuring operating systems. Default is ZSh TMPPREFIX usually set to /tmp/zsh which, if not existing, will be created as world writable with a sticky bit.

This commit also includes a cleanup of commandline options and a fix to swap check.
2014-11-23 14:49:41 +01:00
Jaromil
6bb1385c69 Security fix to setkey
Now there is no more writing of cleartext secrets in any tempfile,
the last case was in setkey and is now eliminated. Tempfile creation
is cleaner. Related to issue #162
2014-11-22 01:40:26 +01:00
Jaromil
f2efa69001 Read setting of pinentry-program in gpg-agent.conf
also fixes the check if the tomb is already open
2014-11-22 00:23:57 +01:00
Jaromil
4d82b20199 small fix to whitespace and leftover newline tests 2014-11-21 22:32:38 +01:00
Jaromil
e48c7c4a85 Added new --unsafe mode: -k cleartext
Using the 'cleartext' name for a key will read it from stdin and
expect it to be unencrypted. This is an unsafe mode of operation,
but useful i.e. to open remote tombs by piping the key over ssh,
or using a different software than Tomb to de/crypt keys.

This commit also renames the flag --unsecure-dev-mode into --unsafe
and includes a minor fix to the last opened date shown on open.

Addressing issue #161
2014-11-21 22:25:43 +01:00
Jaromil
b7f4e3a7fd Use print for non-escaped piping of secret
after fixing issue #154 with echo here we revert to using print with
options -R -n which sort the same effect. Print is preferred since it
executes the built-in command without any possible ambiguity. We don't
want to expose secrets to an external executable in case of a simple
attack that would change the env PATH to use a rootkitted echo.
2014-11-20 15:53:45 +01:00
Jaromil
489b3582cb Disable escapes when piping secrets
Switched to use echo with -E flag to disable escapes in keys: escape
strings were discarded cryptsetup tomb operations when they were present
in the decoded key random passphrase. Issue #154

The solution adopted here includes wrapping all cryptsetup operations to
unify the behaviour adopted.

Worth noting that this problem possibly breaks all tombs and keys
created using the unstable Tomb from git development in the past 2
months. Regression tests with previous stable releases are OK.
2014-11-20 09:59:11 +01:00
gdrooid
6ce45a6f84 [i18n] Update translation files. 2014-11-16 17:30:59 +01:00
Jaromil
a568cdf546 imported python tomber into extras
more documentation updates
2014-11-16 15:21:11 +01:00
Jaromil
bbb290c81a documentation updates 2014-11-16 13:55:51 +01:00
Jaromil
a0db66b18e added also explicit stdout redirection to command -v 2014-11-16 13:11:42 +01:00
Jaromil
9f39d671a0 reverted to use command -v instead of hash
according to analysis made with @gdrooid
2014-11-16 12:38:31 +01:00
Jaromil
da46cbcd31 using zsh hash function instead of command -v to check for bins in path, using plain 2>/dev/null redirection everywhere 2014-11-16 11:37:30 +01:00
Jaromil
982c7591f2 avoid gettext being a requirement and list optional tools found in version output 2014-11-16 11:34:35 +01:00
Jaromil
aa35441d69 this should fix lo_mount() as reported in #154 2014-11-16 11:09:43 +01:00
Jaromil
d4c4a82d73 more detailed help messages and exclude videos from index 2014-11-15 04:14:40 +01:00
Jaromil
249c3cec1d work also without gettext. versioning 2014-11-15 03:14:03 +01:00
Jaromil
8c8ab3fc5c removed some minor debugging tests 2014-11-15 02:41:10 +01:00
Jaromil
edbd950120 switched to zsh/regex and zsh/mapfile
many operations moved to builtin zsh internals, improving speed
also fixes to the username detection and to the losetup check
2014-11-15 02:38:53 +01:00
Jaromil
4ce8771e99 Correct wrapping of cli argument arrays
Fixes also piping to ssh for remote tomb commands
This fix was suggested by @brianmay on #139
2014-11-14 20:12:30 +01:00
Jaromil
82e0533892 message fix 2014-11-14 19:43:26 +01:00
Jaromil
a7d7fad6a8 last minor fix to use _plot() instead of is_valid_tomb() on tomb creation commands 2014-11-14 19:27:57 +01:00
Jaromil
949a8c19e7 correct rendering of dev mapper filename and use of is_valid_tomb 2014-11-14 19:13:48 +01:00
Jaromil
106c4ab32e fixed resize 2014-11-14 18:51:33 +01:00
Jaromil
98ab49315a fixes to _tmp_create and its usage 2014-11-14 18:42:11 +01:00
Jaromil
828579e10d better parses for bind-hooks
rw global vars VERSION etc facilitate re-source in test environment
2014-11-14 17:42:49 +01:00
Jaromil
9097a69631 indentation and small fix for umount to avoid warnings and correct check 2014-11-14 14:25:49 +01:00
Jaromil
c73f00eb19 adjusting strings to facilitate translation 2014-11-04 16:45:57 +01:00
Jaromil
943a46ef60 removed create_tomb, left deprecation notice 2014-11-04 16:45:37 +01:00
Jaromil
181f0fc636 revert to swish-e again 2014-11-04 16:45:08 +01:00
hellekin
6c71f2c94b [cleanup] Process subcommands 2014-11-04 15:33:12 +01:00
hellekin
8df1575a44 [cleanup] Replace 'test' with [[ expr ]] 2014-11-04 15:33:12 +01:00
hellekin
b857122d7d [cleanup] _load_key 2014-11-04 15:32:46 +01:00
hellekin
27ec914870 [cleanup] Fix path to user's temporary files 2014-11-04 15:32:46 +01:00
hellekin
fb12b50d7d [cleanup] ask_password 2014-11-04 15:32:45 +01:00
Jaromil
dac8e4acae remove base2 notation for flags
fixes bug that prevented to evaluate correctly 1/0 values for optional extensions
2014-11-04 15:32:45 +01:00
hellekin
788c133f94 [cleanup] More test cleanups 2014-11-04 15:32:45 +01:00
hellekin
14ed549a55 [cleanup] Consolidate temporary file creation 2014-11-04 15:32:45 +01:00
hellekin
226fd2a0f8 [cleanup] Only add directory to mounted if it's actually mounted 2014-11-04 15:32:45 +01:00
hellekin
fda78fbf8a [cleanup] Disallow empty TOMBNAME 2014-11-04 15:32:45 +01:00
hellekin
0754e9acd2 [cleanup] "Safety functions" section
- more documentation
  - follow style guide
  - rationalize check_swap
2014-11-04 15:32:45 +01:00
hellekin
3e91b7bb9b [cleanup] Document options functions 2014-11-04 15:32:45 +01:00
hellekin
cd1ceac92e [cleanup] Introduce _whoami ; clean ; pass all tests with or without sudo 2014-11-04 15:32:44 +01:00
hellekin
b053898300 [cleanup] Privatize {,_}endgame event 2014-11-04 15:32:44 +01:00
hellekin
8e38a1c31b [cleanup] Uppercase loop devices 2014-11-04 15:32:44 +01:00
hellekin
03a3456c98 [cleanup] Uppercase temporary files 2014-11-04 15:32:44 +01:00
hellekin
43225c790e [clenaup] Uppercase secrets 2014-11-04 15:32:44 +01:00
hellekin
fe01a62467 [cleanup] Uppercase TOMBKEY* 2014-11-04 15:32:44 +01:00
hellekin
b91573dde5 [cleanup] Introduce _plot 2014-11-04 15:32:44 +01:00
hellekin
19abe7cf85 [cleanup] Uppercase global command context 2014-11-04 15:32:44 +01:00
hellekin
0e9453ebd8 [cleanup] Remove unused global variable 2014-11-04 15:32:44 +01:00