aboutsummaryrefslogtreecommitdiff
path: root/cli_args.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-04-24 00:25:02 +0200
committerJakob Unterwurzacher2017-04-24 00:25:02 +0200
commit3409ade2723d931097560fbbe35e461553c5912c (patch)
treec12f3eb3fa93eba352170ab597d70d6a72498ce2 /cli_args.go
parentf1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
Diffstat (limited to 'cli_args.go')
-rw-r--r--cli_args.go12
1 files changed, 9 insertions, 3 deletions
diff --git a/cli_args.go b/cli_args.go
index f0bfb48..e42d9ae 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -171,11 +171,17 @@ func parseCliOpts() (args argContainer) {
tlog.Fatal.Printf("The reverse mode and the -forcedecode option are not compatible")
os.Exit(ErrExitUsage)
}
- v, e := strconv.ParseBool(opensslAuto)
- if e == nil && v == false {
- tlog.Warn.Printf("-openssl set to true, as it is required by -forcedecode flag")
+ // Has the user explicitely disabled openssl using "-openssl=false/0"?
+ if !args.openssl && opensslAuto != "auto" {
+ tlog.Fatal.Printf("-forcedecode requires openssl, but is disabled via command-line option")
+ os.Exit(ErrExitUsage)
}
args.openssl = true
+
+ // Try to make it harder for the user to shoot himself in the foot.
+ args.ro = true
+ args.allow_other = false
+ args.ko = "noexec"
}
// '-passfile FILE' is a shortcut for -extpass='/bin/cat -- FILE'
if args.passfile != "" {