New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed shell script creation with passwords with special characters #13886
Fixed shell script creation with passwords with special characters #13886
Conversation
…e API Cleanup of the previous commit
This looks good to me. I'll merge when the automated tests pass.
|
@digitalcombine Are you keen to take a look at some of the other issues with this module? (in a separate PR)
|
Release NotesFixed the |
@bcoles definitely. I started looking into removing the evidence, might as well continue on. |
With the post/multi/manage/sudo module I encountered that passwords with the $ character causes this module to fail. This is due to that lack of quoting when generating the script for sudo -s -A. The lack of quoting causes the script to attempt to expand the $ as a variable. For example the password "the$sign" creates the script:
#!/bin/sh
echo the
In sudo.rb on line 102, I changed the line:
cmd_exec("echo echo #{password} >> #{askpass_sh}")
to
cmd_exec("echo 'echo '\"'\"'#{password}'\"'\"'' >> #{askpass_sh}")
This adds quoting to the script generation and to the script itself. Now the password "the$sign" creates the script:
#!/bin/sh
echo 'the$sign'
Special characters in passwords shouldn't cause failures with the exception of the ' character. Thanks to @bwatters-r7 for reviewing the initial change.