nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-01 23:22:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly escape passwords sent to chpasswd

Browse Source 
The mutableUsers feature uses `chpasswd` to set users passwords.
Passwords and their hashes were being piped into the program using
double quotes ("") to escape. This causes any `$` characters to be
expanded as shell variables. This is a serious problem because all the
password hash methods besides DES use multiple `$` in the hashes. Single
quotes ('') should be used instead to prevent shell variable expansion.
This commit is contained in:
Thomas Tuegel 2014-02-10 08:15:24 -06:00
parent 6a8cc9ab11
commit 3dc6168b31
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/config/users-groups.nix
View File

@ -411,13 +411,13 @@ in
if [ "$setpw" == "yes" ]; then
${if !(isNull u.hashedPassword)
then ''
echo "${u.name}:${u.hashedPassword}" | \
echo '${u.name}:${u.hashedPassword}' | \
${pkgs.shadow}/sbin/chpasswd -e''
else if u.password == ""
then "passwd -d '${u.name}' &>/dev/null"
else if !(isNull u.password)
then ''
echo "${u.name}:${u.password}" | ${pkgs.shadow}/sbin/chpasswd''
echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd''
else if !(isNull u.passwordFile)
then ''
echo -n "${u.name}:" | cat - "${u.passwordFile}" | \