fixed sudo for privilege escalation, gksu is no longer a requirement - tomb - the crypto undertaker
 (HTM) git clone git://parazyd.org/tomb.git
       ---
 (DIR) commit ddc88e7cec98e9e07f77cc5176fe2dca69f8dedc
 (DIR) parent eea175b4a72760e76ac81bf0fa1e7689ef6c7bd4
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Sun, 13 Feb 2011 12:29:07 +0100
       
       fixed sudo for privilege escalation, gksu is no longer a requirement
       
       also updated Todo items
       
       Diffstat:
         M TODO.org                            |      30 +++++++++++++++++++++++-------
         M src/tomb                            |      14 +++++++++++---
       
       2 files changed, 34 insertions(+), 10 deletions(-)
       ---
 (DIR) diff --git a/TODO.org b/TODO.org
       t@@ -8,21 +8,37 @@ you are welcome to send patches to jaromil@dyne.org
        ** [#A] fix operation without DISPLAY (over SSH)                   :hellekin:
        ** TODO [#A] SLAM tomb and kill all applications using it
        
       -   using fuser(1) we can do that easily, but we should ask user
       -   confirmation.
       +   using lsof and fuser(1) we can do that easily
       +
       +   we should ask user confirmation when closing a tomb if to slam
       +
       +   tomb-askpass will become tomb-ask managing such user interaction,
       +   using libassuan and pinentry from the gpg project.
        
       -   now tomb-dialog or something like that would be useful it askpass
       -   and dialog might melt together into one binary later.
        ** [#A] incremental backup system using bup                            :jaromil:
        
           tombs are modifed only where needed so file changes are local to
       -   the file segment where data is stored. i've tested this idea and it
       -   works! bup makes incremental backups using git as a backend, big up
       -   apenwarr :) on git://github.com/apenwarr/bup
       +   the file segment where data is stored. duplicity handles this using
       +   gpg for backup sets and rdiff for incremental storage. its more
       +   stable than bup at this moment.
       +
       +** TODO [#B] remove gnome dependencies
       +
       +   gksu is deeply connected to gnome in all its packages.  actually
       +   libgksu2-dev is and that doesn't helps.
       +
       +   gksu binary is a very simple and dirty code, we should have
       +   tomb-ask to use the libgksu library for privilege escalation, but
       +   then this would add the dependency into C linking...
       +
       +   the solution is for now to detect if gksu is present, else fallback
       +   to sudo and provide it an interface to ask the password graphically
       +   via pinentry
        
        ** TODO [#C] make one single status handle more tombs
        ** TODO [#C] decorate creation wizard with ASCII art
        
       +
        ** DONE [#A] steganography to store tomb key                            :jaromil:
        
           steghide can hide keys in JPG, BMP, WAV or AU files it also takes
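       Review bot: the heading of the backup item still reads "incremental backup system using bup" while the new body now recommends duplicity and calls it more stable than bup, so the entry contradicts itself; rename the heading, or say explicitly that bup was evaluated and dropped. In the same hunk, "its more stable" should be "it's", "doesn't helps" should be "doesn't help", and the blank line added before the DONE steganography item looks unintentional.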
 (DIR) diff --git a/src/tomb b/src/tomb
       t@@ -246,7 +246,15 @@ check_priv() {
                which sudo > /dev/null
                if [ $? = 0 ]; then
                    func "Using sudo for root execution of 'tomb ${(f)ARGS}'"
       -            sudo "tomb ${ARGS[@]}"
       +            # check if sudo has a timestamp active
       +            sudo -n true 2> /dev/null
       +            if [ $? != 0 ]; then
       +                # if not then ask a password
       +                echo "SETDESC Sudo execution of Tomb ${ARGS[@]}
       +SETPROMPT Insert your USER password:
       +GETPIN" | pinentry | awk '/^D/ { print $2 }' | sudo -S -v
       +            fi
       +            sudo "tomb" ${(s: :)ARGS}
                    exit $?
                fi
                return 1
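       Review bot: in the pinentry pipeline, awk '/^D/ { print $2 }' prints only the second whitespace-separated field, so a password containing a space is cut at the first space before it reaches sudo -S -v; strip the leading "D " from the line instead of selecting a field. The result of that pipeline is also never checked: if the user cancels the dialog or the password is wrong, execution still falls through to sudo "tomb" ${(s: :)ARGS}, so test the exit status of sudo -S -v and stop with an error message. Two smaller points on the added lines: ${(s: :)ARGS} splits on spaces, so an argument that itself contains a space (a tomb path, for example) arrives at the re-executed tomb as several arguments, and ${ARGS[@]} is pasted unescaped into the SETDESC line sent to pinentry, where a newline in an argument would start a new pinentry command; pass the array quoted and sanitise the description text.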
       t@@ -283,7 +291,7 @@ while true; do
                    act "create     create a new encrypted storage FILE and keys"
                    act "open       open an existing tomb FILE on MOUNTPOINT"
                    act "close      closes the tomb on MOUNTPOINT"
       -            act "bury       hide a tomb key inside an jpeg image"
       +            act "bury       hide a tomb key inside a jpeg image"
                    act "exhume     extract an hidden tomb key from a jpeg image"
        
                    act ""
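       Review bot: the article fix stops one line short, since the exhume help line directly below still reads "extract an hidden tomb key from a jpeg image"; change it to "a hidden" in the same commit so the two help lines match.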
       t@@ -528,9 +536,9 @@ mount_tomb() {
            act "mounting tomb named after $tombname"
        
            if [ $KEY ]; then
       -        # key manually chosen from commandline with -k 
                tombkey="`basename $KEY`"
                tombkeypath="$KEY"
       +        act "tomb key specified manually, using: $tombkeypath" 
            else
                tombkey=${tombfile}.gpg
                if [ -r $tombkey ]; then
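       Review bot: the added act line ends with a trailing space after the closing quote, and the removed comment was the only place in this block that said the key comes from -k; drop the trailing whitespace and either keep the comment or mention -k in the message so the user sees which option set the path.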