search

dyne / tomb

the Crypto Undertaker
https://dyne.org/software/tomb
GNU General Public License v3.0
1.36k stars 157 forks source link

Correct vulnerabilities as pointed out on netsec #162

Closed jaromil closed 10 years ago

jaromil commented 10 years ago

Reference thread: http://www.reddit.com/r/netsec/comments/2ms1s0/tomb_file_encryption_on_linux/

jaromil commented 10 years ago

Also from TheJH a suggestion to solve and eliminate all temp files (to be tested)

15:32  <TheJH> jaromil: this works in bash and zsh: /sbin/cryptsetup --key-file <(echo 'secretpassword') luksChangeKey test_fs <(echo 'newpassword')
15:33  <TheJH> jaromil: the command that actually run is this: /sbin/cryptsetup --key-file /proc/self/fd/11 luksChangeKey test_fs /proc/self/fd/12
15:36  <TheJH> jaromil: so the shell runs the commands in parens in parallel with the main command and gives the main command access to the output of the subcommands using pipes. and to make this work with 
               programs that expect input files, the shell passes the fd numbers as /proc/self/fd/ entries
jaromil commented 10 years ago

Most issues addressed by this analysis are now fixed. Thanks for the suggestions!