Add new command line options #167
Conversation
| VLOG(1) << "useStdin: " << useStdin; | ||
| if (useStdin) { | ||
| VLOG(1) << "passSrc: " << opts->passSrc; | ||
| if (opts->passSrc != Pass_Prompt) { |
There was a problem hiding this comment.
shouldn't this be opts->passSrc == Pass_Stdin ?
There was a problem hiding this comment.
You're right -- on Windows we don't have passwordProgram, so I didn't see that this will never be executed with the current layout on Linux.
We want to fall into userKey = config->getUserKey(opts); for either Pass_Stdin or Pass_Cmd. What do you think about changing this if-statement to:
if (opts->passSrc == Pass_Cmd || opts->passSrc == Pass_Stdin) {
...
else if (opts->passSrc == Pass_Ext)
...
else
|
TrueCrypt/VeraCrypt both allow for passing the password in via command line options (see https://veracrypt.codeplex.com/wikipage?title=Command%20Line%20Usage). It can be useful when you want to create encrypted filesystems in an automated fashion in software (e.g., encfs --standard --password="$usrpass" /home/me /tmp/crypt-view) without needing to create pipes to the program to send the password to it. Usage of it should be discouraged (in documentation) on the command line, since it may maintain a history, though. |
Not only history of the shell is a problem. Under Linux the command |
|
For scripting, the option to pass some form of password to the binary is essential, either through a string, a pipe, an external password utility, or any means. I am currently using the -S|--stdinpass option, and hope that it stays. |
@jetwhiz Hmm, that's interesting. There are other programs like fetchmail which don't have an option like this explicitly for process security reasons.
I was going to propose an alternate solution for people who want to launch EncFS with an unattended script (which includes me): an option to specify a permissions-restricted file which contains the password, e.g. "--password-file". |
|
This option already exists through "--extpass". The difference to
"--password" is that you can use it securely using something like "cat
mypassword.txt".
|
|
@rfjakob For the --extpass= option, an executable program is required, even if it is just to cat a file. On certain platforms like Windows, there is no default system binary which can do this. Commands like "echo" and "type" are built-in cmd.exe shell commands and do not work. |
Why not invoking cmd.exe with something like |
|
@Aikhjarto That'll work. Mind you, I'm just trying to suggest an acceptable/equivalent alternative to a "--password=" option. If there are no objections to implementing a "--password=" option, then there's no point for a "--password-file=" option. |
|
I think |
|
Yes please, there is no way to use |
|
The latest version should now include: --mount - only mount FS (do not create) |
|
We should really allow providing the password in command line. At the same time, there are many legitimate use cases for this. As an option, using "passfile" (which would work on other platforms, even windows cmd) solution would only be a bit more complicated for the ones who need this functionality, but it would at least eliminate "ps aux" and shell history implications. |
|
Hear hear! Please don't take essential options away. |
|
Something like |
|
I do hope the --stdinpass option stays, but I don't understand why you would remove options that users want, have a good use case for, and don't take a lot of code. |
|
Dear @pepa65 , no options will be removed, this discussion is strictly about adding new ones! |
|
@rfjakob Should I open a new pull request with the squashed commits, or is there a way to do that on GitHub? |
|
Yes, just "git push --force" into the branch that you used for the pull
request. The changed commits will show up automatically in the pull request.
|
--mount - only mount FS (do not create) --unmount - unmount FS --config=path - specify config file (override ENV)
|
Good idea with these new command-line options @jetwhiz! I've been missing the mount/unmount commands. I'd like to add some thoughts about passing passwords through files, though. This technique does not appear to be secure. I see a number of potential issues:
One could probably work around these, but I'm a little concerned about adding features that let users use their passwords in insecure ways. If such features are added, I hope you add some big fat warning messages next to them. |
|
IMO there should be warnings, but the options should definitely be there. Otherwise it's very hard to automate the operation, which is an essential functionality for some users. If these options are not implemented, it will force users to either use other encryption software (which leads to segmentation of the field and ultimately more code which is spread out, which has more bugs and thus overall less security), or implement some external addons (like sshpass) which will introduce all the problems we discuss here, and even more, because those addons are not very likely to be implemented securely. This is opensource, we should give users the most flexibility with decent defaults, and hide dangerous options behind warnings and manuals. If they wanted a dull solution they would use bitlocker. |
|
@imperative I completely agree that it should be possible to integrate/automate encfs! I'm working on a project about this myself right now :). I don't mind adding this feature, I'm just a little concerned, that's all. I don't know what the best practice for doing this kind of thing would be, it's just that passing the password through command line or file on disk seems somewhat insecure. Maybe there is a better way? |
|
please see #474 for a rework 👍 |
Add new command line options
--mount - only mount FS (do not create)
--unmount - unmount FS
--config=path - specify config file (override ENV)
--password=passwd - specify password