Quellcode durchsuchen

dovecot/imapsync_cron: Use passfiles to hide passwords from ps

Markus Frosch vor 8 Jahren
Ursprung
Commit
4be67ccd64
1 geänderte Dateien mit 10 neuen und 3 gelöschten Zeilen
  1. 10 3
      data/Dockerfiles/dovecot/imapsync_cron.pl

+ 10 - 3
data/Dockerfiles/dovecot/imapsync_cron.pl

@@ -1,11 +1,11 @@
 #!/usr/bin/perl
 
 use DBI;
-use File::Temp qw/ mkstemp /;
 use LockFile::Simple qw(lock trylock unlock);
 use Data::Dumper qw(Dumper);
 use IPC::Run 'run';
 use String::Util 'trim';
+use File::Temp;
 
 $DBNAME = '';
 $DBUSER = '';
@@ -43,6 +43,13 @@ while ($row = $sth->fetchrow_arrayref()) {
 
   if ($enc1 eq "TLS") { $enc1 = "--tls1"; } elsif ($enc1 eq "SSL") { $enc1 = "--ssl1"; } else { undef $enc1; }
 
+  my $template = $run_dir . '/imapsync.XXXXXXX';
+  my $passfile1 = File::Temp->new(TEMPLATE => $template);
+  my $passfile2 = File::Temp->new(TEMPLATE => $template);
+
+  print $passfile1 "$password1\n";
+  print $passfile2 trim($master_pass) . "\n";
+
   run [ "/usr/local/bin/imapsync",
 	"--timeout1", "10",
 	"--tmpdir", "/tmp",
@@ -55,11 +62,11 @@ while ($row = $sth->fetchrow_arrayref()) {
 	(!defined($enc1) ? () : ($enc1)),
 	"--host1", $host1,
 	"--user1", $user1,
-	"--password1", $password1,
+	"--passfile1", $passfile1->filename,
 	"--port1", $port1,
 	"--host2", "localhost",
 	"--user2", $user2 . '*' . trim($master_user),
-	"--password2", trim($master_pass),
+	"--passfile2", $passfile2->filename,
 	'--no-modulesversion'], ">", \my $stdout;
 
   $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, last_run = NOW() WHERE id = ?");