commit b7f4e3a7fd39ad03bcd58e5f5bfbb41a3969f0a5
parent 489b3582cb3291e60c4002187466e24f07aa5f80
Author: Jaromil <jaromil@dyne.org>
Date: Thu, 20 Nov 2014 15:53:45 +0100
Use print for non-escaped piping of secret
after fixing issue #154 with echo here we revert to using print with
options -R -n which sort the same effect. Print is preferred since it
executes the built-in command without any possible ambiguity. We don't
want to expose secrets to an external executable in case of a simple
attack that would change the env PATH to use a rootkitted echo.
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tomb b/tomb
@@ -979,7 +979,7 @@ ask_key_password() {
# call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() {
- echo -n -E - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
+ print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
return $?
}
