forcedecode: tighten checks

...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
author: Jakob Unterwurzacher 2017-04-24 00:25:02 +0200
committer: Jakob Unterwurzacher 2017-04-24 00:25:02 +0200
commit: 3409ade2723d931097560fbbe35e461553c5912c (patch)
tree: c12f3eb3fa93eba352170ab597d70d6a72498ce2 /cli_args.go
parent: f1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/cli_args.go b/cli_args.go
index f0bfb48..e42d9ae 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -171,11 +171,17 @@ func parseCliOpts() (args argContainer) {
 			tlog.Fatal.Printf("The reverse mode and the -forcedecode option are not compatible")
 			os.Exit(ErrExitUsage)
 		}
-		v, e := strconv.ParseBool(opensslAuto)
-		if e == nil && v == false {
-			tlog.Warn.Printf("-openssl set to true, as it is required by -forcedecode flag")
+		// Has the user explicitely disabled openssl using "-openssl=false/0"?
+		if !args.openssl && opensslAuto != "auto" {
+			tlog.Fatal.Printf("-forcedecode requires openssl, but is disabled via command-line option")
+			os.Exit(ErrExitUsage)
 		}
 		args.openssl = true
+
+		// Try to make it harder for the user to shoot himself in the foot.
+		args.ro = true
+		args.allow_other = false
+		args.ko = "noexec"
 	}
 	// '-passfile FILE' is a shortcut for -extpass='/bin/cat -- FILE'
 	if args.passfile != "" {
author	Jakob Unterwurzacher	2017-04-24 00:25:02 +0200
committer	Jakob Unterwurzacher	2017-04-24 00:25:02 +0200
commit	3409ade2723d931097560fbbe35e461553c5912c (patch)
tree	c12f3eb3fa93eba352170ab597d70d6a72498ce2 /cli_args.go
parent	f1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)