splashy - Mandos plugin to use splashy to get a password.
This program prompts for a password using splashy_update
(8) and outputs
any given password to standard output. If no splashy
(8) process can be
found, this program will immediately exit with an exit code indicating
This program is not very useful on its own. This program is really meant to run
as a plugin in the Mandos client-side system, where it is used as a fallback
and alternative to retrieving passwords from a Mandos server.
If this program is killed (presumably by plugin-runner
some other plugin provided the password), it cannot tell splashy
abort requesting a password, because splashy
(8) does not support this.
Therefore, this program will then kill
the running splashy
process and start a new
one, using “boot” as the only
This program takes no options.
If exit status is 0, the output from the program is the password as it was read.
Otherwise, if exit status is other than 0, the program was interrupted or
encountered an error, and any output so far could be corrupt and/or truncated,
and should therefore be ignored.
If set, these environment variables will be
assumed to contain the source device name and the target device mapper name,
respectively, and will be shown as part of the prompt.
These variables will normally be inherited from plugin-runner
which will normally have inherited them from /scripts/local-top/cryptroot in
the initial RAM disk environment, which will have set them from parsing kernel
arguments and /conf/conf.d/cryptroot (also in the initial RAM disk
environment), which in turn will have been created when the initial RAM disk
image was created by /usr/share/initramfs-tools/hooks/cryptroot, by extracting
the information of the root file system from /etc/crypttab.
This behavior is meant to exactly mirror the behavior of askpass
default password prompter.
This is the command run to retrieve a password
from splashy(8). See splashy_update(8).
To find the running splashy(8), this
directory will be searched for numeric entries which will be assumed to be
directories. In all those directories, the exe entry will be used to determine
the name of the running binary and the effective user and group ID of the
process. See proc(5).
This is the name of the binary which will be
searched for in the process list. See splashy(8).
(8) and starting a new one is ugly, but necessary as long
as it does not support aborting a password request.
Please report bugs to the Mandos development mailing list:
<firstname.lastname@example.org> (subscription required). Note that this list
is public. The developers can be reached privately at
<email@example.com> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F
2C4A 7223 2973 CA34 C2C4 for encrypted mail).
Note that normally, this program will not be invoked directly, but instead
started by the Mandos plugin-runner
This program takes no options.
If this program is killed by a signal, it will kill the process ID which at the
start of this program was determined to run splashy
(8) as root (see
also the section called “FILES”). There is a very slight risk
that, in the time between those events, that process ID was freed and then
taken up by another process; the wrong process would then be killed. Now, this
program can only be killed by the user who started it; see
(8mandos). This program should therefore be started by a
completely separate non-privileged user, and no other programs should be
allowed to run as that special user. This means that it is not recommended to
use the user "nobody" to start this program, as other possibly less
trusted programs could be running as "nobody", and they would then
be able to kill this program, triggering the killing of the process ID which
may or may not be splashy
The only other thing that could be considered worthy of note is this: This
program is meant to be run by plugin-runner
(8mandos), and will, when
run standalone, outside, in a normal environment, immediately output on its
standard output any presumably secret password it just received. Therefore,
when running this program standalone (which should never normally be done),
take care not to type in any real secret password by force of habit, since it
would then immediately be shown as output.
Copyright © 2008-2017 Teddy Hogeborn, Björn Påhlsson
This manual page is part of Mandos.
Mandos is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
Mandos is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
Mandos. If not, see http://www.gnu.org/licenses/