Security fix: duplicity handler used to put the gpg passphase on the command line.

[matthijs/upstream/backupninja.git] / handlers / dup

diff --git a/handlers/dup b/handlers/dup
index 7dfb76698f159a4a6a1161984ec33a154186a63c..176ac3eae8e5c3066371d07fd4a2086d42b5e9e2 100644 (file)
--- a/handlers/dup
+++ b/handlers/dup
@@ -62,7 +62,7 @@ fi
 if [ "$testconnect" == "yes" ]; then
     debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
     if [ ! $test ]; then
-       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1' 2>&1`
+       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
        if [ "$result" != "1" ]; then
            fatal "Can't connect to $desthost as $destuser."
        else
@@ -131,17 +131,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
-       if [ "$code" == "0" ]; then
+       if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
-               warning $output
-               warning "Duplicity failed."
+               debug $output
+               fatal "Duplicity failed."
        fi
 fi