NAME

       splashy - Mandos plugin to use splashy to get a password.

SYNOPSIS

       splashy

DESCRIPTION

       This program prompts for a password using splashy_update(8) and outputs any given password to standard
       output. If no splashy(8) process can be found, this program will immediately exit with an exit code
       indicating failure.

       This program is not very useful on its own. This program is really meant to run as a plugin in the Mandos
       client-side system, where it is used as a fallback and alternative to retrieving passwords from a Mandos
       server.

       If this program is killed (presumably by plugin-runner(8mandos) because some other plugin provided the
       password), it cannot tell splashy(8) to abort requesting a password, because splashy(8) does not support
       this. Therefore, this program will then kill the running splashy(8) process and start a new one, using
       “boot” as the only argument.

OPTIONS

       This program takes no options.

EXIT STATUS

       If exit status is 0, the output from the program is the password as it was read. Otherwise, if exit
       status is other than 0, the program was interrupted or encountered an error, and any output so far could
       be corrupt and/or truncated, and should therefore be ignored.

ENVIRONMENT

       cryptsource, crypttarget
           If set, these environment variables will be assumed to contain the source device name and the target
           device mapper name, respectively, and will be shown as part of the prompt.

           These variables will normally be inherited from plugin-runner(8mandos), which will normally have
           inherited them from /scripts/local-top/cryptroot in the initial RAM disk environment, which will have
           set them from parsing kernel arguments and /conf/conf.d/cryptroot (also in the initial RAM disk
           environment), which in turn will have been created when the initial RAM disk image was created by
           /usr/share/initramfs-tools/hooks/cryptroot, by extracting the information of the root file system
           from /etc/crypttab.

           This behavior is meant to exactly mirror the behavior of askpass, the default password prompter.

FILES

       /sbin/splashy_update
           This is the command run to retrieve a password from splashy(8). See splashy_update(8).

       /proc
           To find the running splashy(8), this directory will be searched for numeric entries which will be
           assumed to be directories. In all those directories, the exe entry will be used to determine the name
           of the running binary and the effective user and group ID of the process. See proc(5).

       /sbin/splashy
           This is the name of the binary which will be searched for in the process list. See splashy(8).

BUGS

       Killing splashy(8) and starting a new one is ugly, but necessary as long as it does not support aborting
       a password request.

EXAMPLE

       Note that normally, this program will not be invoked directly, but instead started by the Mandos plugin-
       runner(8mandos).

       This program takes no options.

       splashy

SECURITY

       If this program is killed by a signal, it will kill the process ID which at the start of this program was
       determined to run splashy(8) as root (see also the section called “FILES”). There is a very slight risk
       that, in the time between those events, that process ID was freed and then taken up by another process;
       the wrong process would then be killed. Now, this program can only be killed by the user who started it;
       see plugin-runner(8mandos). This program should therefore be started by a completely separate
       non-privileged user, and no other programs should be allowed to run as that special user. This means that
       it is not recommended to use the user "nobody" to start this program, as other possibly less trusted
       programs could be running as "nobody", and they would then be able to kill this program, triggering the
       killing of the process ID which may or may not be splashy(8).

       The only other thing that could be considered worthy of note is this: This program is meant to be run by
       plugin-runner(8mandos), and will, when run standalone, outside, in a normal environment, immediately
       output on its standard output any presumably secret password it just received. Therefore, when running
       this program standalone (which should never normally be done), take care not to type in any real secret
       password by force of habit, since it would then immediately be shown as output.

SEE ALSO

       intro(8mandos), crypttab(5), plugin-runner(8mandos), proc(5), splashy(8), splashy_update(8)

COPYRIGHT

       Copyright © 2008-2009, 2012 Teddy Hogeborn, Björn Påhlsson

       This manual page is free software: you can redistribute it and/or modify it under the terms of the GNU
       General Public License as published by the Free Software Foundation, either version 3 of the License, or
       (at your option) any later version.

       This manual page is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
       even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
       Public License for more details.

       You should have received a copy of the GNU General Public License along with this program. If not, see
       http://www.gnu.org/licenses/.

Mandos 1.6.0                                       2012-01-01                                   SPLASHY(8mandos)