Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Correct vulnerabilities as pointed out on netsec #162

Closed
jaromil opened this issue Nov 21, 2014 · 2 comments

Comments

@jaromil jaromil self-assigned this Nov 21, 2014
@jaromil jaromil added the minor label Nov 21, 2014
@jaromil jaromil added this to the 2.0 milestone Nov 21, 2014
@jaromil

This comment has been minimized.

Copy link
Member Author

commented Nov 22, 2014

Also from TheJH a suggestion to solve and eliminate all temp files (to be tested)

15:32  <TheJH> jaromil: this works in bash and zsh: /sbin/cryptsetup --key-file <(echo 'secretpassword') luksChangeKey test_fs <(echo 'newpassword')
15:33  <TheJH> jaromil: the command that actually run is this: /sbin/cryptsetup --key-file /proc/self/fd/11 luksChangeKey test_fs /proc/self/fd/12
15:36  <TheJH> jaromil: so the shell runs the commands in parens in parallel with the main command and gives the main command access to the output of the subcommands using pipes. and to make this work with 
               programs that expect input files, the shell passes the fd numbers as /proc/self/fd/ entries
jaromil added a commit that referenced this issue Nov 22, 2014
Now there is no more writing of cleartext secrets in any tempfile,
the last case was in setkey and is now eliminated. Tempfile creation
is cleaner. Related to issue #162
jaromil added a commit that referenced this issue Nov 23, 2014
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
@jaromil

This comment has been minimized.

Copy link
Member Author

commented Nov 23, 2014

Most issues addressed by this analysis are now fixed. Thanks for the suggestions!

@jaromil jaromil closed this Nov 23, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.