diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2013-11-14 16:05:17 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-11-14 16:05:17 -0200 |
commit | d7b631b470aa0fde1f6d768632ee5d643aede320 (patch) | |
tree | 439a1fad72c9e4101932c9cebe213603839afd40 | |
parent | d892fb9997a98d12d9a09b12d3179242c48a07c9 (diff) | |
download | keyringer-d7b631b470aa0fde1f6d768632ee5d643aede320.tar.gz keyringer-d7b631b470aa0fde1f6d768632ee5d643aede320.tar.bz2 |
Ramdisk check (closes #13)
-rwxr-xr-x | lib/keyringer/actions/edit | 3 | ||||
-rwxr-xr-x | lib/keyringer/functions | 50 |
2 files changed, 49 insertions, 4 deletions
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index c539846..9a3e488 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -13,9 +13,6 @@ keyringer_get_file "$2" # Set recipients file keyringer_set_recipients "$FILE" -# Warn user -echo "Make sure that $BASEDIR is atop of an encrypted volume." - # Get original file EXTENSION FILENAME="$(basename "$FILE" .asc)" FILENAME="$(basename "$FILENAME")" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index d02b1d8..7570a94 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -111,16 +111,64 @@ function keyringer_is_git { fi } +# Check the security of a temporary folder +function keyringer_check_tmp { + local path="$1" + local minor + local mode + + if [ -z "$path" ]; then + return + fi + + # Mode check + if [ "`stat -c "%A" $path`" != "drwxrwxrwt" ]; then + return 1 + fi + + # Ramdisk check + if [ -x "/sbin/udevadm" ]; then + minor="$(/sbin/udevadm info --device-id-of-file "$path" | cut -d : -f 1)" + elif which mountpoint &> /dev/null; then + minor="$(mountpoint -d $(df "$path" | sed -n '$p' | awk '{print $NF}') | cut -d : -f 1)" + fi + + if [ ! -z "$minor" ]; then + return $minor + else + return 1 + fi +} + # Setup a temporary file function keyringer_set_tmpfile { + local tmp + local candidate + local candidates="/tmp /run/shm $TMP" + if [ -z "$BASEDIR" ]; then echo "Please set BASEDIR before creating a tmp file" exit 1 fi + # Ramdisk check + for candidate in $candidates; do + if keyringer_check_tmp $candidate; then + tmp="$candidate/keyringer.`whoami`" + break + fi + done + # Set base temp folder - local tmp="$BASEDIR/tmp" + if [ -z "$tmp" ]; then + echo "WARNING: neither one of $candidates is mounted in a tmpfs/ramdisk, using $BASEDIR/tmp as fallback." + echo "Make sure that $BASEDIR is atop of an encrypted volume." + echo "Press any key to continue, Ctrl-C to abort" + read key + tmp="$BASEDIR/tmp" + fi + # Determine template if [ -z "$1" ]; then template="$tmp/keyringer.XXXXXXXXXX" else |