pass: no /dev/shm on non rooted android

[saifamrkhail]

Hi!
I have a security issue, when using pass with git, at least the warning on cli says so.
My setup is as follows:
I have Termux running on a Huawei P40Lite and my Android 10 is not rooted.
I am using pass along with git and I am getting the following warning when executing pass git status / pull / push.

~ $ pass git status
  Your system does not have /dev/shm, which means that it may
  be difficult to entirely erase the temporary non-encrypted
  password file after editing.

The src code for this warning is in src-password-store.sh.patch. If the non-encrypted file remains in memory, then I have a security issue. Is there a fix to this problem?

Here my termux, pass and git version:

~ $ termux-info
Application version:
0.118.0
Packages CPU architecture:
aarch64
Subscribed repositories:
sources.list
deb https://packages.termux.org/apt/termux-main/ stable main
Updatable packages:
All packages up to date
Android version:
10
Kernel build information:
Linux localhost 4.14.116 #1 SMP PREEMPT Tue Nov 9 12:37:22 CST 2021 aarch64 Android
Device manufacturer:
HUAWEI
Device model:
MAR-LX1A

~ $ pass --version
============================================
= pass: the standard unix password manager                   
=                                                                                        
=                  v1.7.4                                                             
=                                                                                         
=             Jason A. Donenfeld                                             
=               [email protected]                                            
=                                                                                         
=      http://www.passwordstore.org/                                   
============================================

~ $ git version 
git version  2.35.0

I appreciate your help.

[ghost]

Right, Android doesn't have /dev/shm or equivalent TMPFS mount point and having it isn't possible without root anyway. pass wants to use /dev/shm which is usually a RAM disk to ensure that no file contents will remain on storage after file has been deleted.

You don't have security issue as soon as:

• Your device is not rooted and therefore verified boot is not tampered.
• Data partition is encrypted (basically any modern Android device) and screen lock is set.

Android isn't same as traditional Linux systems where system owner has root access and can dig through all content (even recently deleted) on /dev/sda.

[saifamrkhail]

Thank you for your quick and detailed response. Yes, my Android verified boot is not tampered. Android 10 encrypts by default data partition, and with Termux getprop ro.crypto.state I could verify that my files are encrypted.

Since I am safe I would like to turn off the mentioned warning after it was displayed once to me? I get the warning with each pass git command.

# This if clause will be always true for Android,  even though in my case I am safe. 
[[ $(uname -o) == "Android" ]] || [[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF
 Your system does not have /dev/shm, which means that it may
 be difficult to entirely erase the temporary non-encrypted
 password file after editing.
 Are you sure you would like to continue?

I suggest the warning is extended to include the information you provided. Termux can also tell the user if his data partition is encrypted or not with getprop ro.crypto.state. Then the user can decide for himself, if he will have a security issue or not.
Termux could save users choice in a way so it can checkout for it and it does not print out the warning more than once.

[pbx]

I agree it would be nice to have a way to silence this warning.

[sylirre]

@pbx Going to be fixed in version 1.7.4-2.