Security fix: duplicity handler used to put the gpg passphase on the command line.

diff --git a/etc/backup.d/example.dup b/etc/backup.d/example.dup
index 37ca92efb9da7ea4348c51c4bdb37d7eb112d448..cd64dd5b6452deb537be5062273a74b74cc6f58e 100644 (file)
--- a/etc/backup.d/example.dup
+++ b/etc/backup.d/example.dup
@@ -15,7 +15,8 @@ nicelevel = 19
 [gpg]
 
 # passphrase needed to unlock the GnuPG key
-password = "a_very_complicated_passphrase"
+# NB: do not quote it, and it should not contain any quote
+password = a_very_complicated_passphrase
 
 # default is no, for backward compatibility with backupninja <= 0.5.
 # when set to yes, encryptkey option must be set below.

diff --git a/handlers/dup b/handlers/dup
index 22f915f53306f45a78765b447ad77f4faa893005..176ac3eae8e5c3066371d07fd4a2086d42b5e9e2 100644 (file)
--- a/handlers/dup
+++ b/handlers/dup
@@ -131,17 +131,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
-       if [ "$code" == "0" ]; then
+       if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
-               warning $output
-               warning "Duplicity failed."
+               debug $output
+               fatal "Duplicity failed."
        fi
 fi