parazyd.org/1/git/tomb/commit/843b7fdfc4c125065d31cc11cff8a994ed680bd4.gph

       tremove change of ownership when mounting tombs - tomb - the crypto undertaker
  HTML git clone git://parazyd.org/tomb.git
   DIR Log
   DIR Files
   DIR Refs
   DIR README
   DIR LICENSE
       ---
   DIR commit 843b7fdfc4c125065d31cc11cff8a994ed680bd4
   DIR parent 5996beab0e6b04560729249436e7a46c9cf770c2
  HTML Author: Jaromil <jaromil@dyne.org>
       Date:   Mon,  2 Jan 2017 11:04:08 +0100
       
       remove change of ownership when mounting tombs
       
       The chmod/chown launched on the mounted volume is not really effective
       for security, plus the UID is not correctly guessed when tomb is
       launched using sudo. It is now up to the user to correctly set
       ownership and permission on mounted volumes. There is also one less
       check on the ownership of the tomb file which was failing with a
       warning in the same case.
       
       Diffstat:
         M tomb                                |      20 +++++++++++---------
       
       1 file changed, 11 insertions(+), 9 deletions(-)
       ---
   DIR diff --git a/tomb b/tomb
       t@@ -45,7 +45,7 @@
        # {{{ Global variables
        
        typeset VERSION="2.3"
       -typeset DATE="Dec/2016"
       +typeset DATE="Jan/2017"
        typeset TOMBEXEC=$0
        typeset TMPPREFIX=${TMPPREFIX:-/tmp}
        # TODO: configure which tmp dir to use from a cli flag
       t@@ -525,12 +525,13 @@ is_valid_tomb() {
            }
                _verbose "tomb file is not empty"
        
       -    _uid="`zstat +uid $1`"
       -    [[ "$_uid"  = "$UID" ]] || {
       -        _user="`zstat -s +uid $1`"
       -        _warning "Tomb file is owned by another user: ::1 tomb owner::" $_user
       -    }
       -        _verbose "tomb is not owned by another user"
       +        # no more checking on the uid
       +    # _uid="`zstat +uid $1`"
       +    # [[ "$_uid"  = "$UID" ]] || {
       +    #     _user="`zstat -s +uid $1`"
       +    #     _warning "Tomb file is owned by another user: ::1 tomb owner::" $_user
       +    # }
       +        # _verbose "tomb is not owned by another user"
        
            [[ $_fail = 1 ]] && {
                _failure "Tomb command failed: ::1 command name::" $subcommand
       t@@ -1842,8 +1843,9 @@ mount_tomb() {
                _failure "Cannot mount ::1 tomb name::" $TOMBNAME
            }
        
       -    _sudo chown $UID:$GID ${tombmount}
       -    _sudo chmod 0711 ${tombmount}
       +        # we do not change ownership anymore when mounting tombs
       +    # _sudo chown $UID:$GID ${tombmount}
       +    # _sudo chmod 0711 ${tombmount}
        
            _success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount