Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical logic bug with shutDownNow() function across all architectures. #17

Open
cowboysteeve opened this issue Nov 23, 2019 · 2 comments
Open

Critical logic bug with shutDownNow() function across all architectures. #17

cowboysteeve opened this issue Nov 23, 2019 · 2 comments

Comments

@cowboysteeve
Copy link

@flowchartsman

Currently there is a logic issue that would ensure the user's freedom could be compromised. checkExe("shutdown") is executed in the shutdownNow() function. If shutdown is not executable for any reason shutdownNow() will not execute properly regardless of how much the user wished it would have while they were being dragged away.

The only thing that will happen is the error from checkExe() will be returned and shutdownNow() will not execute the shutdown command. I'd be laughing hysterically in prison if I were someone that relied on this as my anti-forensics/compulsion tool in a critical situation.

What I propose is; these checks should occur at initial run time to alert the user that one or more binaries are not executable (I acknowledge this is an edge case, but software such as this needs to be water tight), otherwise anyone that uses this application (including political dissidents in countries where you could not just be imprisoned, but tortured, or EXECUTED) in it's current state, is putting themselves at risk of losing more than just their freedom!

I will be submitting a pull request for the README.md at the very least to notify anyone that comes across this software that it is not in a state to be used to ensure any sort of safety.

Please do not take this personally. Take it as a learning experience.

I will also be submitting a pull request shortly to check whether or not the binary that is passed to the checkExe() function is executable. You are on the right track with this and I will continue to submit pull requests to help you get this into a "production ready" state.

~CowboySteeve
@flowchartsman
Copy link
Owner

I don't take it personally. This thing was initially written as a proof-of-concept to see how much feature parity I could get with another piece of software in a weekend. I've commented on your other PR with regards to this documentation warning. If you're willing to help out with this, I think that's great. I've been meaning to get back to it, but life is busy. I'm just happy to see some interest in it.

@cowboysteeve
Copy link
Author

I know how that goes! I will check on the other comment. I am certainly interested in helping out with it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@flowchartsman @cowboysteeve