From f73ab550c40692c92cab9fb2e895a5a799ae5128 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Stelmach?=
Date: Mon, 31 May 2021 22:32:05 +0200
Subject: [PATCH] Use pipe to pass password to borg

Depending on system configuration environment variables of a process may be readable for other processess. Password passed through a pipe is not visible to other processes.
---
 src/vorta/borg/borg_thread.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/vorta/borg/borg_thread.py b/src/vorta/borg/borg_thread.py
index b6a3cd6c9..d4d9a1ded 100644
--- a/src/vorta/borg/borg_thread.py
+++ b/src/vorta/borg/borg_thread.py
@@ -74,12 +74,21 @@ def __init__(self, cmd, params, parent=None):
 password = params.get('password')
 if password is not None:
- env['BORG_PASSPHRASE'] = password
+ pass_pipe_r, pass_pipe_w = os.pipe()
+ logger.debug("Passphrase pipe reading fd: {}, writing fd: {}".format(pass_pipe_r, pass_pipe_w))
+ os.set_inheritable(pass_pipe_r, True)
+ with os.fdopen(pass_pipe_w, "w") as p:
+ p.write(password)
+ env['BORG_PASSPHRASE_FD'] = "{}".format(pass_pipe_r)
 else:
+ pass_pipe_r = None
 env['BORG_PASSPHRASE'] = '9999999' # Set dummy password to avoid prompt.
 if env.get('BORG_PASSCOMMAND', False):
- env.pop('BORG_PASSPHRASE', None) # Unset passphrase
+ # Close the passphrase pipe
+ os.close(pass_pipe_r)
+ pass_pipe_r = None
+ env.pop('BORG_PASSPHRASE_FD', None)
 ssh_key = params.get('ssh_key')
 if ssh_key is not None:
@@ -91,6 +100,7 @@ def __init__(self, cmd, params, parent=None):
 self.cwd = params.get('cwd', None)
 self.params = params
 self.process = None
+ self.pass_pipe_r = pass_pipe_r
 @classmethod
 def is_running(cls):
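Review bot: In the `BORG_PASSCOMMAND` branch of `__init__`, `os.close(pass_pipe_r)` runs unconditionally, but `pass_pipe_r` is `None` whenever no password was stored, so that path raises `TypeError`. The same branch used to remove `BORG_PASSPHRASE` and now removes only `BORG_PASSPHRASE_FD`, so the dummy `'9999999'` set in the `else` arm stays in the environment. Borg's documentation gives `BORG_PASSPHRASE` precedence over `BORG_PASSCOMMAND`, so the passcommand would likely be ignored in that case. Guard the close with `if pass_pipe_r is not None:` and keep `env.pop('BORG_PASSPHRASE', None)` next to the new pop. `__init__` starts and ends outside this hunk.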
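Review bot: Storing the read end as `self.pass_pipe_r` keeps the descriptor open, with the passphrase already written into the pipe buffer, from construction until `run()` closes it. Nothing in the visible code closes it if the thread is never started or is discarded. Creating the pipe in `run()` immediately before `Popen` would shorten that window. Failing that, a comment on this assignment such as `# read end of the passphrase pipe; closed in run() after borg is spawned` would document who owns it. `__init__` begins outside this hunk.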
@@ -196,7 +206,11 @@ def run(self):
 logger.info('Running command %s', ' '.join(self.cmd))
 p = Popen(self.cmd, stdout=PIPE, stderr=PIPE, bufsize=1, universal_newlines=True,
- env=self.env, cwd=self.cwd, start_new_session=True)
+ env=self.env, cwd=self.cwd, start_new_session=True,
+ close_fds=self.pass_pipe_r is None)
+
+ if self.pass_pipe_r is not None:
+ os.close(self.pass_pipe_r)
 self.process = p
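Review bot: `close_fds=self.pass_pipe_r is None` switches off descriptor closing for the whole child whenever a passphrase is set, so any other inheritable descriptor held by the process is also handed to borg and whatever it spawns. `pass_fds` hands over only the named descriptor and leaves `close_fds` at its default: `pass_fds=() if self.pass_pipe_r is None else (self.pass_pipe_r,)`. The `os.close(self.pass_pipe_r)` after `Popen` is also skipped when `Popen` raises, which leaves the read end open; putting the close in a `finally` around the spawn covers that. `run()` continues outside this hunk.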