
Make pw_edit security logic clearer
Jes Olson j3s@c3f.net
Wed, 28 Dec 2022 12:37:58 -0800
commit

0ea7ee1ad7d3659845c7ee30d20a16ffc0ad5078

parent

e2a22615791a86ddca685af52d1753cf1d181371

1 files changed, 13 insertions(+), 7 deletions(-)

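--- a/papa
+++ b/papa
@@ -70,14 +70,20 @@
 # We want to clear the way for mkdir if we run
 # into unexpected state, and we also want to trap
 # a removal as a security precaution.
-rm -rf /dev/shm/pa &&
-trap 'rm -rf /dev/shm/pa' EXIT
+rm -rf /dev/shm/pa ||
+die "Failed to remove shared memory dir"
 
-# Dying on mkdir is a security precaution as well, since
-# mkdir will fail if the directory already exists (in which
-# case, someone malicious may own it).
-mkdir "$tmpdir" ||
-die "Failed to create tmpdir, check perms on $tmpdir"
+trap 'rm -rf /dev/shm/pa' EXIT
+
+# We make this toplevel dir first as a security
+# precaution - maintaining ownership of this dir
+# guarantees that other users cannot muck with
+# the contents within.
+mkdir '/dev/shm/pa' ||
+die "Failed to create shared memory dir"
+
+mkdir -p "$tmpdir" ||
+die "Failed to create shared memory dir"
 
 age -i "$identities_file" --decrypt "$name.age" 2>/dev/null >"$tmpfile" ||
 die "Could not decrypt $name.age"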
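Review bot: The new `mkdir '/dev/shm/pa'` relies on ownership alone, but ownership only stops other local users from writing or deleting inside the directory; with a permissive umask the directory is created world-readable, and the decrypted secret that `age` then writes into `$tmpfile` via `>` inherits the same umask, so the comment's "guarantees that other users cannot muck with the contents" overstates what this gives. Creating it as `mkdir -m 0700 '/dev/shm/pa' || die "Failed to create shared memory dir"` (or placing `umask 077` before the `rm -rf`) makes mode, not just ownership, the guarantee, and the comment should say so. The two `die "Failed to create shared memory dir"` messages are identical, so a failure cannot be traced to the top-level `mkdir` versus the `mkdir -p "$tmpdir"`; giving the second one its own message such as `die "Failed to create $tmpdir"` costs nothing. Whether `$tmpdir` actually lives under /dev/shm/pa is not visible here, and the enclosing function starts and ends outside this hunk.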