Avoid passing MediaWiki passwords on the command line
authorQuentin Smith <quentin@mit.edu>
Fri, 27 Mar 2020 00:14:55 +0000 (20:14 -0400)
committerQuentin Smith <quentin@mit.edu>
Wed, 1 Apr 2020 04:28:41 +0000 (00:28 -0400)
wizard/app/mediawiki.py
wizard/shell.py

index 83018ce6a59c700ef305089815b0b5ed5b67ed40..4ab86287f5baa6a1a03678e8fe6f2118a4caf296 100644 (file)
@@ -68,18 +68,27 @@ class Application(app.Application):
             with util.ChangeDirectory("math"):
                 shell.call("make")
         try:
+            dbpass_fd, out_fd = os.pipe()
+            os.write(out_fd, options.dsn.password)
+            os.close(out_fd)
+            pass_fd, out_fd = os.pipe()
+            os.write(out_fd, options.admin_password)
+            os.close(out_fd)
+
             result = shell.eval(
                     "php", "-c", ".", "maintenance/install.php",
                     "--dbname", options.dsn.database,
-                    "--dbpass", options.dsn.password,
+                    "--dbpassfile", "php://fd/%d" % (dbpass_fd,),
                     "--dbserver", options.dsn.host,
                     "--dbuser", options.dsn.username,
                     "--email", options.email,
-                    "--pass", options.admin_password,
+                    "--passfile", "php://fd/%d" % (pass_fd,),
                     "--server", "https://" + options.web_host,
                     "--scriptpath", options.web_path,
                     options.title, options.admin_name,
-                    log=True)
+                    log=True,
+                    close_fds=False,
+            )
         except shell.CallError as e:
             raise app.RecoverableInstallFailure(["Install script returned non-zero exit code\nSTDOUT: %s\nSTDERR: %s" % (e.stdout, e.stderr)])
         logging.debug("Install script output:\n\n" + result)
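Review bot: The read ends `dbpass_fd` and `pass_fd` are never closed in the parent, on either the success path or the `shell.CallError` path. Each install therefore leaves two descriptors open, and any password bytes the child did not consume stay readable in the pipe for as long as the process lives. Closing them in a `finally` once `shell.eval` has returned fixes this, as sketched below. Separately, `close_fds=False` lets the PHP process inherit every descriptor the parent has open that is not close-on-exec, not only these two. Where the interpreter supports `pass_fds` (Python 3.2+), passing just the two read ends would be narrower, though the `os.environ.items() + ...` idiom in shell.py suggests Python 2, where it is unavailable. The enclosing method starts above the hunk.

```python
        dbpass_fd = pass_fd = None
        try:
            # … unchanged: both os.pipe() / os.write() / os.close(out_fd) sequences …
            result = shell.eval(
                    # … unchanged: install.php arguments …
                    log=True,
                    close_fds=False,
            )
        except shell.CallError as e:
            # … unchanged: raise app.RecoverableInstallFailure …
        finally:
            # Drop the parent's read ends so the secrets do not linger in an
            # open pipe after the installer has finished (or failed).
            for fd in (dbpass_fd, pass_fd):
                if fd is not None:
                    os.close(fd)
```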
index 523dea23af6e1e7d1887b2777aceae6e8c1ca83c..71b3593b6a5c8dce7b4781a409abbdf3cd9f1720 100644 (file)
@@ -98,6 +98,7 @@ class Shell(object):
         kwargs.setdefault("stdin", subprocess.PIPE)
         kwargs.setdefault("stderr", subprocess.PIPE)
         kwargs.setdefault("addenv", None)
+        kwargs.setdefault("close_fds", True)
         msg = "Running `" + ' '.join(args) + "`"
         if kwargs["strip"] and not kwargs["log"] is True or kwargs["log"] is False:
             logging.debug(msg)
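Review bot: The new `close_fds` default set here changes behaviour for every existing caller of this method, not just the MediaWiki installer, because the last hunk forwards it to `subprocess.Popen`. If this runs on Python 2, as the `os.environ.items() + ...` line suggests, `Popen` previously defaulted to inheriting descriptors. Closing them by default is the safer choice, but the line carries no comment, and the method's option documentation (outside this hunk) presumably does not list the new keyword. I would add `# Do not leak parent descriptors into children by default; pass close_fds=False only when a child must read an inherited fd.` above the `setdefault`, and document `close_fds` alongside the other keyword options.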
@@ -124,6 +125,7 @@ class Shell(object):
         env = None
         if kwargs["addenv"]:
             env = dict(os.environ.items() + kwargs["addenv"].items())
+        close_fds = kwargs["close_fds"]
         # XXX: There is a possible problem here where we can fill up
         # the kernel buffer if we have 64KB of data.  This shouldn't
         # normally be a problem, and the fix for such case would be to write to
@@ -136,7 +138,7 @@ class Shell(object):
         # waitpid() pump to a select() pump, creating a pipe to
         # ourself, and then setting up a SIGCHILD handler to write a single
         # byte to the pipe to get us out of select() when a subprocess exits.
-        proc = subprocess.Popen(args, stdout=stdout, stderr=stderr, stdin=stdin, cwd=self.cwd, env=env)
+        proc = subprocess.Popen(args, stdout=stdout, stderr=stderr, stdin=stdin, cwd=self.cwd, env=env, close_fds=close_fds)
         if self._async(proc, args, **kwargs):
             return proc
         stdout, stderr = proc.communicate(kwargs["input"])