* [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
@ 2010-08-30 1:27 Aaron Lewis
2010-08-30 6:55 ` Heinz Diehl
2010-08-30 7:52 ` Milan Broz
0 siblings, 2 replies; 7+ messages in thread
From: Aaron Lewis @ 2010-08-30 1:27 UTC (permalink / raw)
To: dm-crypt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi.
I did a small modification , make cryptsetup funny , these code is not
secure as i didn't verify changes on ogg123 & sound files.
When typing in wrong codes , you'll hear a woman voice `access denied' ,
and '`access granted' for right password.
I can't spread the sound file anyway , it's from DOOM 3 for linux.
- --- luks/keymanage.c 2010-05-28 00:32:10.000000000 +0800
+++ luks-mod/keymanage.c 2010-08-29 16:21:32.653337261 +0800
@@ -676,6 +676,28 @@
return r;
}
+#define MAX_SOUND_LEN 100
+#define MAX_CMD_LEN 200
+
+void Doom_Sound( int granted ) {
+ char *fName = (char *) malloc ( sizeof(char) * MAX_SOUND_LEN );
+ char *syscmd = (char* ) malloc ( sizeof(char) * MAX_CMD_LEN );
+
+ if ( granted ) {
+ strncpy (fName ,
"/usr/share/sounds/comp_access_granted.ogg" , MAX_SOUND_LEN );
+ } else {
+ strncpy (fName ,
"/usr/share/sounds/comp_access_denied.ogg" , MAX_SOUND_LEN );
+ }
+
+ if ( access ( fName , R_OK ) != -1 ) {
+ snprintf ( syscmd , MAX_CMD_LEN , "/usr/bin/ogg123 -d
alsa %s &>/dev/null" , fName );
+ }
+
+ if ( system ( syscmd ) ) {
+ return;
+ }
+}
+
int LUKS_open_key_with_hdr(const char *device,
int keyIndex,
const char *password,
@@ -694,16 +716,20 @@
for(i = 0; i < LUKS_NUMKEYS; i++) {
r = LUKS_open_key(device, i, password, passwordLen, hdr,
*mk, ctx);
- - if(r == 0)
+ if(r == 0) {
+ Doom_Sound ( 1 );
return i;
+ }
/* Do not retry for errors that are no -EPERM or -ENOENT,
former meaning password wrong, latter key slot
inactive */
- - if ((r != -EPERM) && (r != -ENOENT))
+ if ((r != -EPERM) && (r != -ENOENT)) {
return r;
+ }
}
/* Warning, early returns above */
log_err(ctx, _("No key available with this passphrase.\n"));
+ Doom_Sound ( 0 );
return -EPERM;
}
Just for fun as i said , if anyone like it ;-)
What do you guys think , i'd like to grab your opinions ;-)
P.S: if your system got attacked by a hacked /usr/bin/ogg123 or sound
files, that's ..
- --
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkx7CRkACgkQvf41sEptMqC+iACgxMXbNcsuogRU3F0k8h/NrlH0
aAAAn3TbZp7QyOSmxeJ9CYt61SYZx+HJ
=wZ9C
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 1:27 [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied Aaron Lewis
@ 2010-08-30 6:55 ` Heinz Diehl
2010-08-30 10:20 ` Aaron Lewis
2010-08-30 7:52 ` Milan Broz
1 sibling, 1 reply; 7+ messages in thread
From: Heinz Diehl @ 2010-08-30 6:55 UTC (permalink / raw)
To: dm-crypt
On 30.08.2010, Aaron Lewis wrote:
> What do you guys think , i'd like to grab your opinions ;-)
Every bit of code which obviously introduces security flaws is
just...hmm... utter bullshit :-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 1:27 [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied Aaron Lewis
2010-08-30 6:55 ` Heinz Diehl
@ 2010-08-30 7:52 ` Milan Broz
2010-08-30 10:18 ` Aaron Lewis
1 sibling, 1 reply; 7+ messages in thread
From: Milan Broz @ 2010-08-30 7:52 UTC (permalink / raw)
To: Aaron Lewis; +Cc: dm-crypt
On 08/30/2010 03:27 AM, Aaron Lewis wrote:
> I did a small modification , make cryptsetup funny , these code is not
> secure as i didn't verify changes on ogg123 & sound files.
This is some kind of "find 5 security problems" cartoon? :-)
Seriously, please do not post such things here, cryptsetup runs with
root privileges and you introduced nice "backdoor" here...
(This reminds me http://xkcd.com/327/ :-)
Anyway, there are also exit codes, so you can do this using simple shell
script so it is also completely wrong approach, sorry.
Milan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 7:52 ` Milan Broz
@ 2010-08-30 10:18 ` Aaron Lewis
2010-08-30 10:33 ` Milan Broz
0 siblings, 1 reply; 7+ messages in thread
From: Aaron Lewis @ 2010-08-30 10:18 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/30/2010 03:52 PM, Milan Broz wrote:
> On 08/30/2010 03:27 AM, Aaron Lewis wrote:
>> I did a small modification , make cryptsetup funny , these code is not
>> secure as i didn't verify changes on ogg123 & sound files.
>
> This is some kind of "find 5 security problems" cartoon? :-)
>
> Seriously, please do not post such things here, cryptsetup runs with
> root privileges and you introduced nice "backdoor" here...
> (This reminds me http://xkcd.com/327/ :-)
Sorry for it , just ignore it ;-)
> Anyway, there are also exit codes, so you can do this using simple shell
> script so it is also completely wrong approach, sorry.
Won't be the next time , i just got a copy of doom3 for linux , so came
up with an idea for the cool sound .. i know it's a big security problem
, i'm not gonna merge it into my system.
BTW: by default cryptsetup try 3 times before a user type in the right
code , is there any way to make it check only once ?
( if i'm not using a shell pipe in system() passing my password )
Thanks !
- --
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkx7hYIACgkQvf41sEptMqBmWgCfQg9UpGKGdoaeBP3t4JUpoR9t
5fMAniLgOu4XmdBs0Z+S+rvqS5XIJHex
=rtg9
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 6:55 ` Heinz Diehl
@ 2010-08-30 10:20 ` Aaron Lewis
0 siblings, 0 replies; 7+ messages in thread
From: Aaron Lewis @ 2010-08-30 10:20 UTC (permalink / raw)
To: dm-crypt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/30/2010 02:55 PM, Heinz Diehl wrote:
> On 30.08.2010, Aaron Lewis wrote:
>
>> What do you guys think , i'd like to grab your opinions ;-)
>
> Every bit of code which obviously introduces security flaws is
> just...hmm... utter bullshit :-)
Just for fun , i'm not merging it into my system ;-)
Thanks anyway.
- --
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkx7hgAACgkQvf41sEptMqBjkACcDmlxkaSkL3npfGRR2BZkiO5a
j0kAnR6y3j8lm1M4IJiqr+37cJs6hLkD
=2ajZ
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 10:18 ` Aaron Lewis
@ 2010-08-30 10:33 ` Milan Broz
2010-09-01 6:14 ` [dm-crypt] [SOLVE] " Aaron Lewis
0 siblings, 1 reply; 7+ messages in thread
From: Milan Broz @ 2010-08-30 10:33 UTC (permalink / raw)
To: Aaron Lewis; +Cc: dm-crypt
On 08/30/2010 12:18 PM, Aaron Lewis wrote:
> BTW: by default cryptsetup try 3 times before a user type in the right
> code , is there any way to make it check only once ?
> ( if i'm not using a shell pipe in system() passing my password )
See --tries / -T option (-T 1).
I think there was a bug that it tried three times even if passphrase was piped,
but this should be fixed in 1.1.3.
Milan
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dm-crypt] [SOLVE] OT: Just for fun , outputing a sound as access granted or denied
2010-08-30 10:33 ` Milan Broz
@ 2010-09-01 6:14 ` Aaron Lewis
0 siblings, 0 replies; 7+ messages in thread
From: Aaron Lewis @ 2010-09-01 6:14 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: Text/Plain, Size: 484 bytes --]
Hi, Milan Broz
> On 08/30/2010 12:18 PM, Aaron Lewis wrote:
> > BTW: by default cryptsetup try 3 times before a user type in the right
> > code , is there any way to make it check only once ?
> > ( if i'm not using a shell pipe in system() passing my password )
>
> See --tries / -T option (-T 1).
>
Tried , works.
Thanks.
--
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-09-01 6:15 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-30 1:27 [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied Aaron Lewis
2010-08-30 6:55 ` Heinz Diehl
2010-08-30 10:20 ` Aaron Lewis
2010-08-30 7:52 ` Milan Broz
2010-08-30 10:18 ` Aaron Lewis
2010-08-30 10:33 ` Milan Broz
2010-09-01 6:14 ` [dm-crypt] [SOLVE] " Aaron Lewis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.