deadman icon indicating copy to clipboard operation
deadman copied to clipboard

Published 20 hours ago verified publisher icon flowchartsman

Critical logic bug with shutDownNow() function across all architectures.

Open cowboysteeve opened this issue 4 years ago • 2 comments

@flowchartsman

Currently there is a logic issue that would ensure the user's freedom could be compromised. checkExe("shutdown") is executed in the shutdownNow() function. If shutdown is not executable for any reason shutdownNow() will not execute properly regardless of how much the user wished it would have while they were being dragged away.

The only thing that will happen is the error from checkExe() will be returned and shutdownNow() will not execute the shutdown command. I'd be laughing hysterically in prison if I were someone that relied on this as my anti-forensics/compulsion tool in a critical situation.

What I propose is; these checks should occur at initial run time to alert the user that one or more binaries are not executable (I acknowledge this is an edge case, but software such as this needs to be water tight), otherwise anyone that uses this application (including political dissidents in countries where you could not just be imprisoned, but tortured, or EXECUTED) in it's current state, is putting themselves at risk of losing more than just their freedom!

I will be submitting a pull request for the README.md at the very least to notify anyone that comes across this software that it is not in a state to be used to ensure any sort of safety.

Please do not take this personally. Take it as a learning experience.

I will also be submitting a pull request shortly to check whether or not the binary that is passed to the checkExe() function is executable. You are on the right track with this and I will continue to submit pull requests to help you get this into a "production ready" state.

~CowboySteeve

cowboysteeve avatar Nov 23 '19 12:11 cowboysteeve

I don't take it personally. This thing was initially written as a proof-of-concept to see how much feature parity I could get with another piece of software in a weekend. I've commented on your other PR with regards to this documentation warning. If you're willing to help out with this, I think that's great. I've been meaning to get back to it, but life is busy. I'm just happy to see some interest in it.

flowchartsman avatar Dec 02 '19 14:12 flowchartsman

I know how that goes! I will check on the other comment. I am certainly interested in helping out with it!

cowboysteeve avatar Dec 09 '19 22:12 cowboysteeve