diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-04-12 20:06:30 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-04-12 20:06:30 +0200 |
commit | 2eaca82585204ffd37f7f5d3e397b2ac56638b40 (patch) | |
tree | 82b7c2e1113e2c461685950ac9943aacdf429751 /src/platform | |
parent | cca731a2954036425e35d6f1601a7debb71c1c49 (diff) |
Use pipefail and randomize intermediate encrypted.
Matthew writes:
If the initial decrypt fails then the rest of the line shouldn't
continue, as it won't be a properly decrypted password being
re-encrypted and written over the existing passfile.
One solution to this would be to enable pipefail (set -o pipefail) -
either just before, or at the start of this script. This would
cause the failure of any of the commands in a pipe to set the return
status of the whole pipeline to non-zero (the last failed command's
return code is used).
We take his suggestion with this patch. While we're at it, we take a
little bit extra care (though not too much extra care) to select a more
random intermediate password, in case folks have a strange habit of
using a dot-new extension on files.
Suggested-by: Matthew Richardson <m.richardson@ed.ac.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/platform')
0 files changed, 0 insertions, 0 deletions