Save password to temporary file instead of passing to subprocess in adduser
This prevents an attacker from monitoring the running processes and capturing passwords
This commit is contained in:
parent
57813cba9e
commit
97e60b232d
5
adduser
5
adduser
|
@ -21,7 +21,10 @@ def adduser(username, firstname, lastname, email, password):
|
||||||
else:
|
else:
|
||||||
fullname = f'{firstname} {lastname}'
|
fullname = f'{firstname} {lastname}'
|
||||||
|
|
||||||
hashed_password = check_output(['openssl', 'passwd', '-6', password]).decode('utf-8')[:-1]
|
with open('password', 'w') as f:
|
||||||
|
f.write(password)
|
||||||
|
hashed_password = check_output(['openssl', 'passwd', '-6', '-in', 'password']).decode('utf-8')[:-1]
|
||||||
|
remove('password')
|
||||||
|
|
||||||
# Construct LDIF
|
# Construct LDIF
|
||||||
ldif = f'''dn: uid={username},ou=People,dc=exozy,dc=me
|
ldif = f'''dn: uid={username},ou=People,dc=exozy,dc=me
|
||||||
|
|
Loading…
Reference in a new issue