From da9ff0cc66929401f82cd6db2536288a187f8021 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Sun, 14 May 2017 19:27:14 +1000 Subject: [PATCH] Tricorder: Insecure Opt-out * Check to see if Tricorder is being called directly * Provide opt-out for insecure transmission of debug log * Remove mention of internal function from help menu --- pihole | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index f24461d3..8cffb5b2 100755 --- a/pihole +++ b/pihole @@ -269,10 +269,24 @@ piholeCheckoutFunc() { } tricorderFunc() { + if [ ! -p "/dev/stdin" ]; then + echo "Please do not call Tricorder directly." + exit 1 + fi + if command -v openssl &> /dev/null; then openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin else - nc tricorder.pi-hole.net 9999 < /dev/stdin + echo "The debug log will be transmitted insecurely via plain-text" + echo "If you wish to cancel, press Ctrl-C to exit within 10 seconds" + secs="10" + while [ "$secs" -gt 0 ]; do + echo -ne "." + sleep 1 + : $((secs--)) + done + echo " " + nc tricorder.pi-hole.net 9999 < /dev/stdin < /dev/stdin fi } @@ -310,7 +324,6 @@ helpFunc() { ::: 'pihole disable 5m' - will disable blocking for 5 minutes ::: restartdns Restart dnsmasq ::: checkout Check out different branches -::: tricorder Upload log to Pi-hole's medical tricorder (uses SSL when possible) EOM exit 0 }