Security fix: duplicity handler used to put the gpg passphase on the command line.

[matthijs/upstream/backupninja-vserver.git] / handlers / dup

diff --git a/handlers/dup b/handlers/dup
index 3b4d0323947d4e84775e262a6b1a189c98b95915..176ac3eae8e5c3066371d07fd4a2086d42b5e9e2 100644 (file)
--- a/handlers/dup
+++ b/handlers/dup
@@ -39,7 +39,7 @@ if [ "$vservers" == "yes" ]; then
     [ -d "$VROOTDIR" ] || fatal "vservers enabled, but $VROOTDIR does not exist!"
     if [ "$vsnames" == "all" ]; then
        vsnames=""
-       for vserver in `ls $VROOTDIR | grep -v lost+found | grep -v ARCHIVES`; do
+       for vserver in `ls $VROOTDIR | grep -E -v "lost+found|ARCHIVES"`; do
            vsnames="$vserver $vsnames"
        done
     else
@@ -62,7 +62,7 @@ fi
 if [ "$testconnect" == "yes" ]; then
     debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
     if [ ! $test ]; then
-       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1' 2>&1`
+       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
        if [ "$result" != "1" ]; then
            fatal "Can't connect to $desthost as $destuser."
        else
@@ -131,17 +131,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
-       if [ "$code" == "0" ]; then
+       if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
-               warning $output
-               warning "Duplicity failed."
+               debug $output
+               fatal "Duplicity failed."
        fi
 fi