# Copyright (C) 2012 Jonathan Chu <milki@rescomp.berkeley.edu>. All Rights Reserved.
# Copyright (C) 2015 David Dahlberg <david.dahlberg@fkie.fraunhofer.de>. All Rights Reserved.
# This file is licensed under the GPLv2+. Please see COPYING for more information.
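# Create a private scratch directory for decrypted data and publish its path
# in SECURE_TMPDIR.
#
# Globals:
#   SECURE_TMPDIR (read/written) - reused unchanged when already non-empty
#   PROGRAM       (read)         - prefix of the mktemp template
#   TMPDIR        (read)         - parent directory; /tmp when unset or empty
#   SHRED         (read)         - command run on each file by shred_tmpfile
# Arguments:
#   $1 - "nowarn" suppresses the confirmation prompt on the non-tmpfs path
# Side effects:
#   Defines unmount_tmpdir or shred_tmpfile and installs it as the handler
#   for INT, TERM and EXIT, replacing whatever was set for them before.
# Errors:
#   Calls die (defined elsewhere; presumably terminates the program) when
#   the directory or the tmpfs cannot be created.
tmpdir() {
  # A directory was already prepared earlier in this run: keep it.
  [[ -n $SECURE_TMPDIR ]] && return

  local warn=1
  [[ $1 == "nowarn" ]] && warn=0
  local template="$PROGRAM.XXXXXXXXXXXXX"

  if [[ $(sysctl -n kern.usermount) == 1 ]]; then
    # Preferred path: mount a small tmpfs over a fresh mktemp directory so the
    # plaintext is held in memory-backed storage.
    # A failed mktemp must stop here; otherwise SECURE_TMPDIR stays empty and
    # every later path built from it points somewhere unintended.
    SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")" \
      || die "Error: could not create temporary directory."
    mount -t tmpfs -o -s16M tmpfs "$SECURE_TMPDIR" || {
      # The cleanup trap is not installed yet, so drop the still-empty
      # mount point before giving up.
      rmdir -- "$SECURE_TMPDIR"
      die "Error: could not create tmpfs."
    }
    unmount_tmpdir() {
      [[ -n $SECURE_TMPDIR && -d $SECURE_TMPDIR ]] || return
      umount "$SECURE_TMPDIR"
      rm -rf -- "$SECURE_TMPDIR"
    }
    trap unmount_tmpdir INT TERM EXIT
  else
    # Fallback: an ordinary directory whose files are passed to $SHRED on
    # exit. The prompt text below spells out why this is weaker than tmpfs.
    # NOTE(review): yesno is defined elsewhere and its status is not checked
    # here; presumably it aborts on a negative answer - confirm.
    if (( warn )); then
      yesno "$(cat <<-_EOF
The sysctl kern.usermount is disabled, therefore it is not
possible to create a tmpfs for temporary storage of files
in memory.
This means that it may be difficult to entirely erase
the temporary non-encrypted password file after editing.
Are you sure you would like to continue?
_EOF
      )"
    fi
    SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")" \
      || die "Error: could not create temporary directory."
    shred_tmpfile() {
      # Same guard as unmount_tmpdir: never hand an empty or stale path to
      # find and rm -rf.
      [[ -n $SECURE_TMPDIR && -d $SECURE_TMPDIR ]] || return
      # $SHRED is left unquoted on purpose: it holds a command plus its
      # options and has to be split into words.
      find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
      rm -rf -- "$SECURE_TMPDIR"
    }
    trap shred_tmpfile INT TERM EXIT
  fi
}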
# Tool overrides for this platform. Only SHRED is used in this file (by
# shred_tmpfile); GETOPT and BASE64 are presumably read by the script that
# sources this file - confirm against the caller.

# Name of the getopt binary to invoke.
GETOPT='gnugetopt'

# Command plus options applied to each leftover plaintext file. Consumers must
# expand it unquoted so it splits into words. rm -P overwrites a file before
# unlinking it, which is best effort only.
SHRED='rm -P -f'

# Command plus subcommand used for base64 handling; also needs word splitting.
BASE64='openssl base64'