NapoleonDynamite/voidrice
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Make otp script more secure + other improvements (#1190)

Browse source 
Make a temporary directory in $XDG_RUNTIME_DIR instead of $PASSWORD_STORE_DIR. 

$XDG_RUNTIME_DIR defaults to /run/user/$uid/. This directory has the security advantage of only being readable and writable by the current user and being mounted in RAM, causing the screenshot to be fully wiped on shutdown and not needing shred, which doesn't work reliably on SSD's. 

Also quoted $dir, for the off chance someone has spaces in their $PASSWORD_STORE_DIR.

Removed the check for xclip and the $issuer and $name variables, as they are unused.

If you're wondering why echo is piped into dmenu, on my system dmenu hung when called without the pipe, causing the whole script to freeze.
This commit is contained in:
appeasementPolitik 2022-09-20 11:42:54 +00:00 committed by GitHub
parent ae0ad289a1
commit 7871fd80b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.local/bin/otp
View file

@ -13,27 +13,25 @@ ifinstalled pass pass-otp
dir="${PASSWORD_STORE_DIR}"
choice="$({ echo "🆕add" ; echo "🕙sync-time" ; ls ${dir}/*-otp.gpg ;} | sed "s/.*\///;s/-otp.gpg//" | dmenu -p "Pick a 2FA:")"
choice="$({ echo "🆕add" ; echo "🕙sync-time" ; ls "$dir"/*-otp.gpg ;} | sed "s/.*\///;s/-otp.gpg//" | dmenu -p "Pick a 2FA:")"
case $choice in
🆕add )
ifinstalled maim zbar xclip || exit 1
ifinstalled maim zbar || exit 1
temp="$dir/temp.png"
temp=$(mktemp -p "$XDG_RUNTIME_DIR" --suffix=.png)
otp="otp-test-script"
trap 'shred -fu $temp; pass rm $otp' HUP INT QUIT TERM PWR EXIT
trap 'rm -f $temp; pass rm -f $otp' HUP INT QUIT TERM PWR EXIT
notify-send "Scan the image." "Scan the OTP QR code."
maim -s "$temp" || exit 1
info="$(zbarimg -q "$temp")"
info="${info#QR-Code:}"
issuer="$(echo "$info" | grep -o "issuer=[A-z0-9]\+")"
name="${issuer#issuer=}"
if echo "$info" | pass otp insert "$otp"; then
while true ; do
export name="$(dmenu -p "Give this One Time Password a one-word name:")"
export name="$(echo | dmenu -p "Give this One Time Password a one-word name:")"
echo "$name" | grep -q -- "^[A-z0-9-]\+$" && break
done
pass mv "$otp" "$name-otp"
@ -41,7 +39,6 @@ case $choice in
else
notify-send "No OTP data found." "Try to scan the image again more precisely."
fi
;;
🕙sync-time )
ifinstalled ntp || exit 1