Do not write passwords to the command log (#3291)
This commit is contained in:
codefiles
GitHub
parent
16a84ba662
commit
0e71bcff78
|
|
@ -307,21 +307,7 @@ class SysCommandWorker:
|
|||
|
||||
# https://stackoverflow.com/questions/4022600/python-pty-fork-how-does-it-work
|
||||
if not self.pid:
|
||||
history_logfile = Path(f"{storage['LOG_PATH']}/cmd_history.txt")
|
||||
|
||||
change_perm = False
|
||||
if history_logfile.exists() is False:
|
||||
change_perm = True
|
||||
|
||||
try:
|
||||
with history_logfile.open("a") as cmd_log:
|
||||
cmd_log.write(f"{time.time()} {self.cmd}\n")
|
||||
|
||||
if change_perm:
|
||||
history_logfile.chmod(stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
|
||||
except (PermissionError, FileNotFoundError):
|
||||
# If history_logfile does not exist, ignore the error
|
||||
pass
|
||||
_log_cmd(self.cmd)
|
||||
|
||||
try:
|
||||
os.execve(self.cmd[0], list(self.cmd), {**os.environ, **self.environment_vars})
|
||||
|
|
@ -456,6 +442,29 @@ class SysCommand:
|
|||
return None
|
||||
|
||||
|
||||
def _log_cmd(cmd: list[str]) -> None:
|
||||
history_logfile = Path(f"{storage['LOG_PATH']}/cmd_history.txt")
|
||||
|
||||
change_perm = False
|
||||
if history_logfile.exists() is False:
|
||||
change_perm = True
|
||||
|
||||
try:
|
||||
with history_logfile.open("a") as cmd_log:
|
||||
cmd_log.write(f"{time.time()} {cmd}\n")
|
||||
|
||||
if change_perm:
|
||||
history_logfile.chmod(stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
|
||||
except (PermissionError, FileNotFoundError):
|
||||
# If history_logfile does not exist, ignore the error
|
||||
pass
|
||||
|
||||
|
||||
def run(cmd: list[str], input_data: bytes | None = None) -> None:
|
||||
_log_cmd(cmd)
|
||||
subprocess.run(cmd, input=input_data, check=True)
|
||||
|
||||
|
||||
def _pid_exists(pid: int) -> bool:
|
||||
try:
|
||||
return any(subprocess.check_output(['ps', '--no-headers', '-o', 'pid', '-p', str(pid)]).strip())
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import textwrap
|
|||
import time
|
||||
from collections.abc import Callable
|
||||
from pathlib import Path
|
||||
from subprocess import CalledProcessError
|
||||
from types import TracebackType
|
||||
from typing import TYPE_CHECKING, Any
|
||||
|
||||
|
|
@ -31,7 +32,7 @@ from archinstall.tui.curses_menu import Tui
|
|||
|
||||
from .args import arch_config_handler
|
||||
from .exceptions import DiskError, HardwareIncompatibilityError, RequirementError, ServiceException, SysCallError
|
||||
from .general import SysCommand
|
||||
from .general import SysCommand, run
|
||||
from .hardware import SysInfo
|
||||
from .locale.utils import verify_keyboard_layout, verify_x11_keyboard_layout
|
||||
from .luks import Luks2
|
||||
|
|
@ -1605,14 +1606,12 @@ class Installer:
|
|||
# This means the root account isn't locked/disabled with * in /etc/passwd
|
||||
self.helper_flags['user'] = True
|
||||
|
||||
combo = f'{user}:{password}'
|
||||
echo = shlex.join(['echo', combo])
|
||||
sh = shlex.join(['sh', '-c', echo])
|
||||
cmd = ['arch-chroot', str(self.target), 'chpasswd']
|
||||
|
||||
try:
|
||||
SysCommand(f"arch-chroot {self.target} " + sh[:-1] + " | chpasswd'")
|
||||
run(cmd, input_data=f'{user}:{password}'.encode())
|
||||
return True
|
||||
except SysCallError:
|
||||
except CalledProcessError:
|
||||
return False
|
||||
|
||||
def user_set_shell(self, user: str, shell: str) -> bool:
|
||||
|
|
|
|||
Loading…
Reference in New Issue