Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #1136 from ThomasWaldmann/env-security-cleanup

remove passphrase from subprocess environment, fixes #1105
TW 9 years ago
parent
53937a2b60 ca35d9f255
commit
ee5e89b575
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      borg/remote.py

+ 1 - 0
borg/remote.py
View File 

@@ -153,6 +153,7 @@ class RemoteRepository:
 
             # pyinstaller binary adds LD_LIBRARY_PATH=/tmp/_ME... but we do not want
 
             # that the system's ssh binary picks up (non-matching) libraries from there
 
             env.pop('LD_LIBRARY_PATH', None)
 
+        env.pop('BORG_PASSPHRASE', None)  # security: do not give secrets to subprocess
 
         self.p = Popen(borg_cmd, bufsize=0, stdin=PIPE, stdout=PIPE, stderr=PIPE, env=env)
 
         self.stdin_fd = self.p.stdin.fileno()
 
         self.stdout_fd = self.p.stdout.fileno()