From 4be67ccd6410e3ee697fce1a5e50b471c55b65fe Mon Sep 17 00:00:00 2001 From: Markus Frosch Date: Mon, 19 Jun 2017 11:40:50 +0200 Subject: [PATCH] dovecot/imapsync_cron: Use passfiles to hide passwords from ps --- data/Dockerfiles/dovecot/imapsync_cron.pl | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/data/Dockerfiles/dovecot/imapsync_cron.pl b/data/Dockerfiles/dovecot/imapsync_cron.pl index a3cbf8a1..429443ee 100755 --- a/data/Dockerfiles/dovecot/imapsync_cron.pl +++ b/data/Dockerfiles/dovecot/imapsync_cron.pl @@ -1,11 +1,11 @@ #!/usr/bin/perl use DBI; -use File::Temp qw/ mkstemp /; use LockFile::Simple qw(lock trylock unlock); use Data::Dumper qw(Dumper); use IPC::Run 'run'; use String::Util 'trim'; +use File::Temp; $DBNAME = ''; $DBUSER = ''; @@ -43,6 +43,13 @@ while ($row = $sth->fetchrow_arrayref()) { if ($enc1 eq "TLS") { $enc1 = "--tls1"; } elsif ($enc1 eq "SSL") { $enc1 = "--ssl1"; } else { undef $enc1; } + my $template = $run_dir . '/imapsync.XXXXXXX'; + my $passfile1 = File::Temp->new(TEMPLATE => $template); + my $passfile2 = File::Temp->new(TEMPLATE => $template); + + print $passfile1 "$password1\n"; + print $passfile2 trim($master_pass) . "\n"; + run [ "/usr/local/bin/imapsync", "--timeout1", "10", "--tmpdir", "/tmp", @@ -55,11 +62,11 @@ while ($row = $sth->fetchrow_arrayref()) { (!defined($enc1) ? () : ($enc1)), "--host1", $host1, "--user1", $user1, - "--password1", $password1, + "--passfile1", $passfile1->filename, "--port1", $port1, "--host2", "localhost", "--user2", $user2 . '*' . trim($master_user), - "--password2", trim($master_pass), + "--passfile2", $passfile2->filename, '--no-modulesversion'], ">", \my $stdout; $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, last_run = NOW() WHERE id = ?");