From f97a866fdbf66735ad32719e8af2a66197506f54 Mon Sep 17 00:00:00 2001 From: Robert Habermann Date: Sat, 2 May 2020 11:32:04 +0200 Subject: [PATCH] use shred -u to safely overwrite and delete temp files --- home.admin/20setupDialog.sh | 2 +- home.admin/70initLND.sh | 16 ++++++++-------- home.admin/98repairMenu.sh | 2 +- home.admin/BBcashoutWallet.sh | 2 +- home.admin/BBconnectPeer.sh | 2 +- home.admin/BBcreateInvoice.sh | 2 +- home.admin/BBopenChannel.sh | 2 +- home.admin/BBpayInvoice.sh | 2 +- home.admin/XXlnfwdreport.sh | 2 +- home.admin/config.scripts/blitz.lcd.sh | 3 +-- home.admin/config.scripts/blitz.setpassword.sh | 14 +++++++------- home.admin/config.scripts/bonus.lndconnect.sh | 3 +-- home.admin/config.scripts/dropbox.upload.sh | 5 ++--- home.admin/config.scripts/internet.dyndomain.sh | 2 +- home.admin/config.scripts/lnd.autounlock.sh | 2 +- 15 files changed, 29 insertions(+), 32 deletions(-) diff --git a/home.admin/20setupDialog.sh b/home.admin/20setupDialog.sh index fafa20d39..a2fc73862 100755 --- a/home.admin/20setupDialog.sh +++ b/home.admin/20setupDialog.sh @@ -22,7 +22,7 @@ while [ ${#result} -eq 0 ] l2="one word, keep characters basic & not too long" dialog --backtitle "RaspiBlitz - Setup (${network}/${chain})" --inputbox "$l1$l2" 11 52 2>$_temp result=$( cat $_temp | tr -dc '[:alnum:]-.' | tr -d ' ' ) - shred $_temp + shred -u $_temp echo "processing ..." sleep 3 done diff --git a/home.admin/70initLND.sh b/home.admin/70initLND.sh index 15f9e706f..6a91c1fe7 100755 --- a/home.admin/70initLND.sh +++ b/home.admin/70initLND.sh 
@@ -183,10 +183,10 @@ if [ ${walletExists} -eq 0 ]; then ############################ # let user enter password c - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null sudo /home/admin/config.scripts/blitz.setpassword.sh x "Set your Password C for the LND Wallet Unlock" /home/admin/.pass.tmp passwordC=`sudo cat /home/admin/.pass.tmp` - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null # make sure passwordC is set if [ ${#passwordC} -eq 0 ]; then @@ -200,7 +200,7 @@ if [ ${walletExists} -eq 0 ]; then source /home/admin/python3-env-lnd/bin/activate python3 /home/admin/config.scripts/lnd.initwallet.py new ${passwordC} > /home/admin/.seed.tmp source /home/admin/.seed.tmp - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null # in case of error - retry if [ ${#err} -gt 0 ]; then @@ -320,10 +320,10 @@ or having a complete LND rescue-backup from your old node. clear # let user enter password c - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null sudo /home/admin/config.scripts/blitz.setpassword.sh x "Set your Password C for the LND Wallet Unlock" /home/admin/.pass.tmp passwordC=`sudo cat /home/admin/.pass.tmp` - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null # get seed word list if [ "${CHOICE}" == "SEED+SCB" ] || [ "${CHOICE}" == "ONLYSEED" ]; then @@ -334,7 +334,7 @@ or having a complete LND rescue-backup from your old node. # dialog to enter dialog --backtitle "RaspiBlitz - LND Recover" --inputbox "Please enter/paste the SEED WORD LIST:\n(just the words, seperated by spaces, in correct order as numbered)" 9 78 2>/home/admin/.seed.tmp wordstring=$( cat /home/admin/.seed.tmp | sed 's/[^a-zA-Z0-9 ]//g' ) - shred /home/admin/.seed.tmp + shred -u /home/admin/.seed.tmp echo "processing ... ${wordstring}" # check correct number of words 
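Review bot: In the 70initLND.sh hunk at -200 the added `shred -u` targets `.pass.tmp`, but the file written two lines above it is `/home/admin/.seed.tmp`, and nothing in the visible lines removes that file after `source`. It holds the output of lnd.initwallet.py, so presumably the new wallet seed, and deserves the same cleanup once the values are read: `shred -u /home/admin/.seed.tmp 2>/dev/null`, unless that already happens further down outside this hunk. The same context passes `${passwordC}` as a command-line argument, which leaves it readable in the process list while the Python helper runs. If lnd.initwallet.py can be changed to read it from stdin, that exposure goes away. The enclosing `if` block starts and ends outside the hunk.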
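Review bot: In the recovery hunk at -334 the seed file is shredded and the very next line prints the seed back with `echo "processing ... ${wordstring}"`, so the words stay in terminal scrollback and in any session log. I would drop the variable from the message, `echo "processing ..."`, so the cleanup added here is not undone one line later.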
@@ -374,10 +374,10 @@ During wallet creation LND offers to set an extra password to protect the seed words. Most users did not set this. " 11 65 if [ $? -eq 1 ]; then - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null sudo /home/admin/config.scripts/blitz.setpassword.sh x "Enter extra Password D" /home/admin/.pass.tmp passwordD=`sudo cat /home/admin/.pass.tmp` - sudo shred /home/admin/.pass.tmp 2>/dev/null + sudo shred -u /home/admin/.pass.tmp 2>/dev/null fi fi diff --git a/home.admin/98repairMenu.sh b/home.admin/98repairMenu.sh index 1f4d019cc..e85bf02f0 100755 --- a/home.admin/98repairMenu.sh +++ b/home.admin/98repairMenu.sh @@ -122,7 +122,7 @@ case $CHOICE in l3="one word, keep characters basic & not too long" dialog --backtitle "RaspiBlitz - Setup (${network}/${chain})" --inputbox "$l1$l2$l3" 13 52 2>$_temp result=$( cat $_temp | tr -dc '[:alnum:]-.' | tr -d ' ' ) - shred $_temp + shred -u $_temp echo "processing ..." sleep 3 done diff --git a/home.admin/BBcashoutWallet.sh b/home.admin/BBcashoutWallet.sh index e8fdc27c3..ae318e44b 100755 --- a/home.admin/BBcashoutWallet.sh +++ b/home.admin/BBcashoutWallet.sh @@ -56,7 +56,7 @@ else exit 1 fi address=$(cat $_temp | xargs) -shred $_temp +shred -u $_temp if [ ${#address} -eq 0 ]; then echo "FAIL - not a valid address (${address})" echo "Press ENTER to return to main menu." diff --git a/home.admin/BBconnectPeer.sh b/home.admin/BBconnectPeer.sh index 8f1c36595..f666d3963 100755 --- a/home.admin/BBconnectPeer.sh +++ b/home.admin/BBconnectPeer.sh @@ -29,7 +29,7 @@ dialog --title "Open a Connection to a Peer" \ --backtitle "Lightning ( ${network} | ${chain} )" \ --inputbox "$l1\n$l2\n$l3" 10 60 2>$_temp _input=$(cat $_temp | xargs ) -shred $_temp +shred -u $_temp if [ ${#_input} -eq 0 ]; then clear echo diff --git a/home.admin/BBcreateInvoice.sh b/home.admin/BBcreateInvoice.sh index ca8a4545d..c47077863 100755 --- a/home.admin/BBcreateInvoice.sh 
+++ b/home.admin/BBcreateInvoice.sh @@ -26,7 +26,7 @@ l2="1 ${network} = 100 000 000 SAT" dialog --title "Pay thru Lightning Network" \ --inputbox "$l1\n$l2" 9 50 2>$_temp amount=$(cat $_temp | xargs | tr -dc '0-9') -shred $_temp +shred -u $_temp if [ ${#amount} -eq 0 ]; then clear echo diff --git a/home.admin/BBopenChannel.sh b/home.admin/BBopenChannel.sh index aae340e6a..5997139e2 100755 --- a/home.admin/BBopenChannel.sh +++ b/home.admin/BBopenChannel.sh @@ -96,7 +96,7 @@ l3="max available : ${confirmedBalance}" dialog --title "Funding of Channel" \ --inputbox "$l1\n$l2\n$l3" 10 60 2>$_temp amount=$(cat $_temp | xargs | tr -dc '0-9') -shred $_temp +shred -u $_temp if [ ${#amount} -eq 0 ]; then echo echo "no valid amount entered - returning to menu ..." diff --git a/home.admin/BBpayInvoice.sh b/home.admin/BBpayInvoice.sh index b47ac2657..f7890a809 100755 --- a/home.admin/BBpayInvoice.sh +++ b/home.admin/BBpayInvoice.sh @@ -49,7 +49,7 @@ l3="To try it out go to: ${testSite}" dialog --title "Pay thru Lightning Network" \ --inputbox "$l1\n$l2\n$l3" 10 70 2>$_temp invoice=$(cat $_temp | xargs) -shred $_temp +shred -u $_temp if [ ${#invoice} -eq 0 ]; then clear echo diff --git a/home.admin/XXlnfwdreport.sh b/home.admin/XXlnfwdreport.sh index cd15f1123..68b394532 100755 --- a/home.admin/XXlnfwdreport.sh +++ b/home.admin/XXlnfwdreport.sh @@ -19,7 +19,7 @@ dialog --title "Create a forwarding event report" \ --backtitle "Lightning ( ${network} | ${chain} )" \ --inputbox "$l1\n$l2" 10 60 7 2>$_temp _input=$(cat $_temp | xargs ) -shred $_temp +shred -u $_temp if [ ${#_input} -eq 0 ]; then exit 1 fi diff --git a/home.admin/config.scripts/blitz.lcd.sh b/home.admin/config.scripts/blitz.lcd.sh index 639fbfcd5..096412fd4 100644 --- a/home.admin/config.scripts/blitz.lcd.sh +++ b/home.admin/config.scripts/blitz.lcd.sh 
@@ -156,8 +156,7 @@ fi if [ "${command}" == "hide" ]; then sudo killall -3 fbi - shred /home/admin/qr.png 2> /dev/null - rm -f /home/admin/qr.png 2> /dev/null + shred -u /home/admin/qr.png 2> /dev/null exit 0 fi diff --git a/home.admin/config.scripts/blitz.setpassword.sh b/home.admin/config.scripts/blitz.setpassword.sh index 4fd537c89..842459a67 100644 --- a/home.admin/config.scripts/blitz.setpassword.sh +++ b/home.admin/config.scripts/blitz.setpassword.sh @@ -85,7 +85,7 @@ if [ "${abcd}" = "a" ]; then # get user input password1=$( cat $_temp ) - shred $_temp + shred -u $_temp # ask user for new password A (second time) dialog --backtitle "RaspiBlitz - Setup"\ @@ -93,7 +93,7 @@ if [ "${abcd}" = "a" ]; then # get user input password2=$( cat $_temp ) - shred $_temp + shred -u $_temp # check if passwords match if [ "${password1}" != "${password2}" ]; then @@ -152,7 +152,7 @@ elif [ "${abcd}" = "b" ]; then # get user input password1=$( cat $_temp ) - shred $_temp + shred -u $_temp # ask user for new password A (second time) dialog --backtitle "RaspiBlitz - Setup"\ @@ -160,7 +160,7 @@ elif [ "${abcd}" = "b" ]; then # get user input password2=$( cat $_temp ) - shred $_temp + shred -u $_temp # check if passwords match if [ "${password1}" != "${password2}" ]; then @@ -312,7 +312,7 @@ elif [ "${abcd}" = "x" ]; then # second parameter is the flexible text text=$2 resultFile=$3 - shred $3 2>/dev/null + shred -u $3 2>/dev/null # ask user for new password (first time) dialog --backtitle "RaspiBlitz"\ @@ -320,7 +320,7 @@ elif [ "${abcd}" = "x" ]; then # get user input password1=$( cat $_temp ) - shred $_temp + shred -u $_temp # ask user for new password A (second time) dialog --backtitle "RaspiBlitz - Setup"\ @@ -328,7 +328,7 @@ elif [ "${abcd}" = "x" ]; then # get user input password2=$( cat $_temp ) - shred $_temp + shred -u $_temp # check if passwords match if [ "${password1}" != "${password2}" ]; then 
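Review bot: Folding the `rm -f` into `shred -u` in the blitz.lcd.sh `hide` branch drops the fallback. shred unlinks the file only after it has opened and overwritten it, so if qr.png is not writable by the calling user the image stays on disk and `2> /dev/null` hides the failure. The old second line removed it regardless. Keeping the fallback is a one-line change: `shred -u /home/admin/qr.png 2> /dev/null || rm -f /home/admin/qr.png`. The same applies to the `${imagePath}` cleanup in bonus.lndconnect.sh and to `.dropbox.tmp` in dropbox.upload.sh, where the separate `rm` was removed as well.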
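Review bot: `shred -u $_temp` right after `password1=$( cat $_temp )` in blitz.setpassword.sh (-85) only helps if the filesystem overwrites blocks in place. On journaling or copy-on-write filesystems, and on flash media with wear-levelling (an SD card or SSD, if that is where this path lives), the old password bytes can survive the overwrite. Where `_temp` is created is outside this hunk, but pointing it at a RAM-backed location would keep the password off persistent storage altogether, e.g. `_temp=$(mktemp -p /dev/shm)`, with shred kept as a second layer. This affects every password hunk in this file (-93, -152, -160, -320, -328) and the `/home/admin/.pass.tmp` hunks in 70initLND.sh.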
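Review bot: `shred -u $3 2>/dev/null` in the `x` branch (-312) now deletes whatever path the third argument names, and it does so unquoted although `resultFile=$3` is assigned one line above. The callers visible in this patch run the script with sudo, so a path containing spaces or glob characters would be split or expanded as root, and an empty argument fails silently. I would use the variable, quoted and with an option terminator: `shred -u -- "${resultFile}" 2>/dev/null`. Because the file is now removed rather than overwritten in place, whatever re-creates it later (outside this hunk) decides its mode. A `umask 077` before that write would keep the password file from being created world-readable.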
diff --git a/home.admin/config.scripts/bonus.lndconnect.sh b/home.admin/config.scripts/bonus.lndconnect.sh index b56e656f3..1444fe6bc 100644 --- a/home.admin/config.scripts/bonus.lndconnect.sh +++ b/home.admin/config.scripts/bonus.lndconnect.sh @@ -227,8 +227,7 @@ fi # clean up /home/admin/config.scripts/blitz.lcd.sh hide -shred ${imagePath} 2> /dev/null -rm -f ${imagePath} 2> /dev/null +shred -u ${imagePath} 2> /dev/null echo "------------------------------" echo "If the connection was not working:" diff --git a/home.admin/config.scripts/dropbox.upload.sh b/home.admin/config.scripts/dropbox.upload.sh index 39158a499..63e15a488 100644 --- a/home.admin/config.scripts/dropbox.upload.sh +++ b/home.admin/config.scripts/dropbox.upload.sh @@ -31,7 +31,7 @@ Follow the steps described at the following link to get the DropBox-Authtoken from your account: https://github.com/rootzoll/raspiblitz/#b-dropbox-backup-target" 11 70 2>/home/admin/.tmp authtoken=$(cat /home/admin/.tmp) - shred /home/admin/.tmp + shred -u /home/admin/.tmp fi # quick check on authtoken @@ -104,8 +104,7 @@ elif [ "${MODE}" == "upload" ]; then --header "Content-Type: application/octet-stream" \ --data-binary @$SOURCEFILE > /home/admin/.dropbox.tmp safeResponse=$(sed 's/[^a-zA-Z0-9 ]//g' /home/admin/.dropbox.tmp) - sudo shred /home/admin/.dropbox.tmp - sudo rm /home/admin/.dropbox.tmp 2>/dev/null + sudo shred -u /home/admin/.dropbox.tmp success=$(echo "${safeResponse}" | grep -c 'servermodified') sizeZero=$(echo "${safeResponse}" | grep -c 'size 0') diff --git a/home.admin/config.scripts/internet.dyndomain.sh b/home.admin/config.scripts/internet.dyndomain.sh index b03463002..69d73bd11 100755 --- a/home.admin/config.scripts/internet.dyndomain.sh +++ b/home.admin/config.scripts/internet.dyndomain.sh @@ -50,7 +50,7 @@ The RaspiBlitz will call this URL regularly. 4 service freedns.afraid.org use 'DirectURL' " 10 52 2>./.tmp dynUpdateUrl=$( cat ./.tmp ) - shred ./.tmp + shred -u ./.tmp fi 
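Review bot: `shred -u ./.tmp` in internet.dyndomain.sh resolves against whatever directory the script was started from, so both the dialog output and its removal depend on the caller's working directory. The update URL captured here likely embeds an account token, so an absolute, unpredictable path is safer. Create it once with `tmpfile=$(mktemp)`, then use `2>"$tmpfile"` for the dialog and `shred -u -- "$tmpfile"` for the cleanup. lnd.autounlock.sh uses the same `./.tmp` for Password C.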
diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 326a3dfa0..66ffd68cf 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -57,7 +57,7 @@ Password C will be stored on the device. sudo /home/admin/config.scripts/lnd.autounlock.sh on exit 1 fi - shred ./.tmp + shred -u ./.tmp fi # config file
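Review bot: The `exit 1` two lines above the new `shred -u ./.tmp` leaves the script before the cleanup runs, so on that path the file is only gone if the nested `lnd.autounlock.sh on` call happened to remove it. Whether `./.tmp` already holds Password C at that point is decided outside this hunk, so this is worth checking. A trap set right after the file is created covers every exit path: `trap 'shred -u ./.tmp 2>/dev/null' EXIT`.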