Use pmount, remove sudoer rights to the user

Fixes #9

fs/etc/fstab

@@ -2,4 +2,5 @@ proc            /proc           proc    defaults          0       0
 /dev/mmcblk0p1  /boot           vfat    ro,defaults          0       0
 /dev/mmcblk0p2  /               ext4    ro,defaults,noatime  0       0
 tmpfs   /tmp    tmpfs  rw,size=64M,noexec,nodev,nosuid,mode=1777   0  0
+tmpfs   /media  tmpfs  rw,size=64M,noexec,nodev,nosuid,mode=1777   0  0
 # a swapfile is not a swap partition, so no using swapon|off from here on, use  dphys-swapfile swap[on|off]  for that

fs/etc/sudoers

@@ -26,5 +26,3 @@ Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
 
 #includedir /etc/sudoers.d
 #pi ALL=(ALL) NOPASSWD: ALL
-Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src,     /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount
-kitten  ALL = NOPASSWD: GROOMER_CMDS

fs/opt/groomer/constraint.sh

@@ -1,31 +1,23 @@
 DEV_SRC='/dev/sda'
-DEV_DST='/dev/sdb1'
+DEV_DST='sdb1'
 
 # User allowed to do the following commands without password
 USERNAME='kitten'
-HOME="/home/${USERNAME}"
 MUSIC="/opt/midi/"
 
-TMP="/tmp"
+ID=`/usr/bin/id -u`
 
 # Paths used in multiple scripts
-SRC="${TMP}/src"
-DST="${TMP}/dst"
-TEMP="${DST}/temp"
-ZIPTEMP="${DST}/ziptemp"
-LOGS="${DST}/logs"
+SRC="src"
+DST="dst"
+TEMP="/media/${DST}/temp"
+ZIPTEMP="/media/${DST}/ziptemp"
+LOGS="/media/${DST}/logs"
 
 
 # commands
-SUDO='/usr/bin/sudo'
-ID=`/usr/bin/id -u`
 SYNC='/bin/sync'
 TIMIDITY='/usr/bin/timidity'
 MOUNT='/bin/mount'
-
-# root commands.
-# To avoid the risk that an attacker use -o remount on mount and other nasty
-# commands, we use our own scripts to invoke mount and umount.
-MOUNT_DST="${HOME}/kitten_mount_dst"
-MOUNT_SRC="${HOME}/kitten_mount_src"
-UMOUNT="${HOME}/kitten_umount"
+PMOUNT='/usr/bin/pmount'
+PUMOUNT='/usr/bin/pumount'

fs/opt/groomer/functions.sh

@@ -73,7 +73,7 @@ archive(){
         rm -rf "${2}"
         rm -rf "${2}_temp"
     fi
-    CURRENT_SRC=${SRC}
+    CURRENT_SRC="/media/${SRC}"
 }
 
 
@@ -149,7 +149,7 @@ main(){
     set -x
 
     if [ -z ${2} ]; then
-        CURRENT_SRC=${SRC}
+        CURRENT_SRC="/media/${SRC}"
         RECURSIVE_ARCHIVE_CURRENT=0
         ARCHIVE_BOMB=0
     else

fs/opt/groomer/groomer.sh

@@ -16,14 +16,12 @@ clean(){
     ${SYNC}
 
     # Cleanup source
-    ${SUDO} ${UMOUNT} ${SRC}
-    rm -rf ${SRC}
+    pumount ${SRC}
 
     # Cleanup destination
     rm -rf ${TEMP}
     rm -rf ${ZIPTEMP}
-    ${SUDO} ${UMOUNT} ${DST}
-    rm -rf ${DST}
+    pumount ${DST}
 
     exit
 }
@@ -43,31 +41,23 @@ if [ -z "${DEV_PARTITIONS}" ]; then
 fi
 
 # Do we have a destination device
-if [ ! -b ${DEV_DST} ]; then
-    echo "Destination device (${DEV_DST}) does not exists."
+if [ ! -b "/dev/${DEV_DST}" ]; then
+    echo "Destination device (/dev/${DEV_DST}) does not exists."
     exit
 fi
 
-# Prepare mount points
-if [ ! -d ${SRC} ]; then
-    mkdir ${SRC}
-fi
-if [ ! -d ${DST} ]; then
-    mkdir ${DST}
-fi
-
 # mount and prepare destination device
 if ${MOUNT}|grep ${DST}; then
-    ${SUDO} ${UMOUNT} ${DST} || true
+    ${PUMOUNT} ${DST} || true
 fi
 # uid= only works on a vfat FS. What should wedo if we get an ext* FS ?
-${SUDO} ${MOUNT_DST} ${ID} ${DEV_DST} ${DST}
+${PMOUNT} -w ${DEV_DST} ${DST}
 if [ ${?} -ne 0 ]; then
-    echo "Unable to mount ${DEV_DST} on ${DST}"
+    echo "Unable to mount /dev/${DEV_DST} on /media/${DST}"
     exit
 else
-    echo "Target USB device (${DEV_DST}) mounted at ${DST}"
-    rm -rf "${DST}/FROM_PARTITION_"*
+    echo "Target USB device (/dev/${DEV_DST}) mounted at /media/${DST}"
+    rm -rf "/media/${DST}/FROM_PARTITION_"*
 
     # prepare temp dirs and make sure it's empty
     mkdir -p "${TEMP}"
@@ -87,27 +77,30 @@ do
     # Processing a partition
     echo "Processing partition: ${partition}"
     if [ `${MOUNT} | grep -c ${SRC}` -ne 0 ]; then
-        ${SUDO} ${UMOUNT} ${SRC}
+        ${PUMOUNT} ${SRC}
     fi
 
-    ${SUDO} ${MOUNT_SRC} ${partition} ${SRC}
+    ${PMOUNT} -w ${partition} ${SRC}
+    ls "/media/${SRC}" | grep -i autorun.inf | xargs -I {} mv "/media/${SRC}"/{} "/media/${SRC}"/DANGEROUS_{}_DANGEROUS || true
+    ${PUMOUNT} ${SRC}
+    ${PMOUNT} -r ${partition} ${SRC}
     if [ ${?} -ne 0 ]; then
-        echo "Unable to mount ${partition} on ${SRC}"
+        echo "Unable to mount ${partition} on /media/${SRC}"
     else
-        echo "${partition} mounted at ${SRC}"
+        echo "${partition} mounted at /media/${SRC}"
 
         # Print the filenames on the current partition in a logfile
-        find "${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt"
+        find "/media/${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt"
 
         # create a directory on ${DST} named PARTION_$PARTCOUNT
-        target_dir="${DST}/FROM_PARTITION_${PARTCOUNT}"
+        target_dir="/media/${DST}/FROM_PARTITION_${PARTCOUNT}"
         echo "copying to: ${target_dir}"
         mkdir -p "${target_dir}"
         LOGFILE="${LOGS}/processing.txt"
 
-        echo "==== Starting processing of ${SRC} to ${target_dir}. ====" >> ${LOGFILE}
+        echo "==== Starting processing of /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE}
         main ${target_dir} || true
-        echo "==== Done with ${SRC} to ${target_dir}. ====" >> ${LOGFILE}
+        echo "==== Done with /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE}
 
         ls -lR "${target_dir}"
     fi

prepare_rPI.sh

@@ -3,14 +3,15 @@
 # change locales to en_US.UTF-8
 dpkg-reconfigure locales
 
-
+sed -i "s/wheezy/jessie/" /etc/apt/sources.list
 apt-get update
 apt-get dist-upgrade
 apt-get autoremove
-apt-get install libreoffice p7zip-full libfontforge1 timidity freepats
-dpkg -i --ignore-depends=libpoppler27 pdf2htmlex*.deb
+apt-get install libreoffice p7zip-full libfontforge1 timidity freepats pmount
+dpkg -i pdf2htmlex*.deb
 
 # Make Libreoffice usable on a RO filesystem
+useradd -m kitten
 pushd /home/kitten
 ln -s /tmp/libreoffice
 popd
@@ -21,3 +22,6 @@ ln -s /proc/mounts /etc/mtab
 
 # Disable swap
 dphys-swapfile uninstall
+
+# enable rc.local
+systemctl enable rc-local.service