security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

g13: Require a confirmation before g13 is used for DM-Crypt.

Browse Source 
* g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
(sh_dmcrypt_mount_container): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-02-13 17:30:14 +01:00
parent b0e6ab1109
commit 86f3bb144a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
g13/g13-syshelp.c
View File

@ -577,6 +577,27 @@ release_tab_items (tab_item_t tab)
} }
void
g13_syshelp_i_know_what_i_am_doing (void)
{
const char * const yesfile = "Yes-g13-I-know-what-I-am-doing";
char *fname;
fname = make_filename (gnupg_sysconfdir (), yesfile, NULL);
if (access (fname, F_OK))
{
log_info ("*******************************************************\n");
log_info ("* The G13 support for DM-Crypt is new and not matured.\n");
log_info ("* Bugs or improper use may delete all your disks!\n");
log_info ("* To confirm that you are ware of this risk, create\n");
log_info ("* the file '%s'.\n", fname);
log_info ("*******************************************************\n");
exit (1);
}
xfree (fname);
}
/* Parse the /etc/gnupg/g13tab for user USERNAME. Return a table for /* Parse the /etc/gnupg/g13tab for user USERNAME. Return a table for
the user on success. Return NULL on error and print the user on success. Return NULL on error and print
diagnostics. */ diagnostics. */

1
g13/g13-syshelp.h
View File

@ -69,6 +69,7 @@ struct server_control_s
/*-- g13-syshelp.c --*/ /*-- g13-syshelp.c --*/
void g13_syshelp_init_default_ctrl (struct server_control_s *ctrl); void g13_syshelp_init_default_ctrl (struct server_control_s *ctrl);
void g13_syshelp_i_know_what_i_am_doing (void);
/*-- sh-cmd.c --*/ /*-- sh-cmd.c --*/
gpg_error_t syshelp_server (ctrl_t ctrl); gpg_error_t syshelp_server (ctrl_t ctrl);

6
g13/sh-dmcrypt.c
View File

@ -1,5 +1,5 @@
/* sh-dmcrypt.c - The DM-Crypt part for g13-syshelp /* sh-dmcrypt.c - The DM-Crypt part for g13-syshelp
* Copyright (C) 2015 Werner Koch * Copyright (C) 2015, 2016 Werner Koch
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -235,6 +235,8 @@ sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname, estream_t devfp)
if (!ctrl->devti) if (!ctrl->devti)
return gpg_error (GPG_ERR_INV_ARG); return gpg_error (GPG_ERR_INV_ARG);
g13_syshelp_i_know_what_i_am_doing ();
header_space_size = SETUP_AREA_SECTORS * SECTOR_SIZE; header_space_size = SETUP_AREA_SECTORS * SECTOR_SIZE;
header_space = xtrymalloc (header_space_size); header_space = xtrymalloc (header_space_size);
if (!header_space) if (!header_space)
@ -543,6 +545,8 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
if (!ctrl->devti) if (!ctrl->devti)
return gpg_error (GPG_ERR_INV_ARG); return gpg_error (GPG_ERR_INV_ARG);
g13_syshelp_i_know_what_i_am_doing ();
/* Check that the device is not yet used by device mapper. */ /* Check that the device is not yet used by device mapper. */
err = check_blockdev (devname); err = check_blockdev (devname);
if (err) if (err)