From ecb9676d0d0e29ae2888936a6a129f287c4ec123 Mon Sep 17 00:00:00 2001
From: Philipp Gesang
Date: Thu, 18 May 2017 13:44:07 +0200
Subject: [PATCH] grab password from envp if not supplied on CLI

In order to avoid the password showing up in full in the process table, pass it in the environment instead. Uses the environment variable PDTCRYPT_PASSWORD with both crypto.py and backup.py.
---
 backup.py | 8 ++++++--
 deltatar/crypto.py | 7 +++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/backup.py b/backup.py
index dc756fb..3ad0c88 100644
--- a/backup.py
+++ b/backup.py
@@ -85,8 +85,12 @@ if __name__ == "__main__":
 """)
 parser.add_argument("-t", "--targetpath", help="Target path directory.")
 parser.add_argument("-s", "--sourcepath", help="Source path directory.")
- parser.add_argument("-p", "--password", default=None,
- help="Password for symmetric encryption.")
+ epw = os.getenv ("PDTCRYPT_PASSWORD")
+ parser.add_argument("-p", "--password",
+ default=epw.strip () if epw is not None else None,
+ help="Password for symmetric encryption. "
+ "The environment variable PDTCRYPT_PASSWORD should "
+ "be preferred to this.")
 parser.add_argument("-v", "--volsize", default=None,
 help="Maximum volume size, in megabytes.")
 parser.add_argument("-r", "--restore", action='store_true',
diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index f0af890..429cdbe 100755
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -1590,6 +1590,13 @@ def parse_argv (argv):
 raise Unreachable
 if pw is None:
+ if PDTCRYPT_VERBOSE is True:
+ noise ("ERROR: no password specified, trying $PDTCRYPT_PASSWORD")
+ epw = os.getenv ("PDTCRYPT_PASSWORD")
+ if epw is not None:
+ pw = epw.strip ()
+
+ if pw is None:
 if subcommand == PDTCRYPT_SUB_SCRYPT:
 noise ("ERROR: scrypt hash mode requested but no password given")
 noise ("")
--
1.7.1
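Review bot: The environment value is passed through `epw.strip ()` in the `default=` of the `-p` option, while a password given on the command line is used as typed, so a passphrase with leading or trailing whitespace yields a different key depending on which channel supplied it. An empty or whitespace-only `PDTCRYPT_PASSWORD` also becomes the empty string rather than None, which any later `is None` test will treat as a supplied password; `default=(epw.strip () or None) if epw is not None else None,` would keep "unset" and "empty" equivalent, and the help text should say that the value is stripped. The same `epw.strip ()` pattern appears in the `parse_argv` hunk of deltatar/crypto.py, where an empty value would get past the following `if pw is None:` check. The `if __name__ == "__main__":` block starts and continues outside this hunk, so how the parsed password is consumed is not visible here.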
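Review bot: After `os.getenv ("PDTCRYPT_PASSWORD")` the secret stays in the process environment, so it is inherited by any child process started later and remains visible to whatever can read this process's environment; moving it out of argv narrows the exposure but does not end it. If nothing else needs the variable, dropping it once read, `os.environ.pop ("PDTCRYPT_PASSWORD", None)`, limits inheritance by children (the same applies to the backup.py hunk). Separately, the verbose line is prefixed `ERROR:` although falling back to the environment is an expected path, which will mislead anyone scanning logs for failures; `noise ("no password specified, trying $PDTCRYPT_PASSWORD")` would be clearer. parse_argv starts and ends outside the hunk, and whether `os` is already imported in this module is not visible here.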