| Message ID | 20250612155610.473593-1-felix.moessbauer@siemens.com |
|---|---|
| State | Under Review |
| Headers | show
Return-Path: <isar-users+bncBCZK33MGWUCRBNPRVPBAMGQEQFRQL7A@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Thu, 12 Jun 2025 17:56:45 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-pl1-f186.google.com (mail-pl1-f186.google.com
[209.85.214.186])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
55CFuhIO003392
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Thu, 12 Jun 2025 17:56:44 +0200
Received: by mail-pl1-f186.google.com with SMTP id
d9443c01a7336-2349498f00esf17733945ad.0
for <iupwgm@isar-build.org>; Thu, 12 Jun 2025 08:56:44 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1749743798; cv=pass;
d=google.com; s=arc-20240605;
b=Oq/axCNDfzPLaLNbO1H4LarCA+XX9Z/9vGOz3sQKlnKUAWKcyoPUqYddSns6p21eJD
Je6Lei6wgS8U/E6usfJptwnzhrLhqAGyYybVwai+IdwER9zYaQiMZj1Cdm69o0QlaBZM
xhen46aseQuacybuWvdFARos/KnJb0wkskrvwx1CJ99OuAe+H7ne5AjumiZ22ms2Ly+w
9Sv3msK82qE4+qBUpF8ziuXB1/ELRa+diDv4s5QEbC+Wfk2AAc5k0iuLgFs+s9wHfbrz
4ECJ1aAOSXa44Ba9r6calHcdfxvACiAh1zhLhzuAJ/gR4c3CbaUvPNMEF/JEcg7uY6U4
snNw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=;
fh=ew3I7usz6XTCY/+W7yJPYOZNdP+6c9ZO/A68Z1EjuWE=;
b=aoQxmefrSh5sn1f46bhMC74CSia+41AvfpOH3fZ0oR4eTqeSZmf7ZCqprlOHf77zF6
kemkJkwU5wJ8fYtbr+PoK6VM48Qnc+uxVOjUshFXLRPbfTXBRB+c5AIXlGg/qfTBfHKL
DhsB+5LXaP92RgJiIQTgy9CdOgyYMZbI4+YFqLF8BEvLBM1Ygwie300jkGWlPz66ized
ZzsDMVXeDspUjykbKXvY0yay32xLtxyv1LwuWL2hW07EPmihYSuZ/6GXDxtLqEKaXfLN
X0fs8brmjkYOtm+HZtYfq99kCB+j2kEC4Pw2YJlofhcWD5Aguy5HRhMwsn5dvgWmxf//
Io8Q==;
darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC;
spf=pass (google.com: domain of
fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1749743798; x=1750348598;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject
:date:message-id:reply-to;
bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=;
b=H4tCNG8GEkk2KNAze7Xsx/dj2Emw04LiYd2DHNz3fQdAIuDQk1cFifhcaNLUmhejBx
hoG4oEpAvtXWAPd2oG4esA2DGzfH37iKtBz16DWbaZCzVMnjj+lwZ3NbY/3Rz0WoI77M
//GtSOqdsM8rnL7EbYywJOI+taC1+OQnA4CG3rG4xhgmQRZjIgrWjpkqKwcymxw4IIT6
X4rPHHn5iJhdKx3hQegb2d0ZW0Gz+0BDG2mMt7h/DfK4I54avJDdGN4oKnc9hA84HOSM
anCSq82odv9lF+4pOX13eBMfCQ2XS5EdeSACWyjk3M1IMFMtTcUv8ICZDScpI/fohV2r
I/4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1749743798; x=1750348598;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:message-id:date:subject:cc:to:from:x-beenthere
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=;
b=Dc/CxVaIEqNdME+iBxols1qFdhKvt/Q+ROKl49cXN7RJ3LalLTLAI5KUJLtheCZ/8v
LrgDOlGxX3CI1l7DzPNnAiYNL2PN9rp30sVYPOm4I80Gajt/FcrvQ9O7HE+kiDeqBkhP
e5zLOpGIYM3rJjtFd+o3FUN2tFFDkbjpCH3K1TCzLHUSCbFw4UPl2GfA1ARlLeVcJUy8
UPPEH/tqX6qEZ21kQD6oFzIPKJFsZG05KstGlGMGApwLClYHPpzjlNgeVWQXMqcsRQ3m
6oxvzqqKmsPz1FYujW4ZCqwBgcTD2R1B+Uo8lhjg52dyiuvrT9BM0tgiry+p2rX5pr78
U7rw==
X-Forwarded-Encrypted: i=2;
AJvYcCVAC+ZW/cjbLORAAcMwVQKE77O0Ta4irMvvYfsgK1nDi0Ee55hNL9oKUTgCKZ3FXX52FDA/gG4=@isar-build.org
X-Gm-Message-State: AOJu0YwO1chhASA5P25WdX0C7pbSSd0HWOXl7xec9zDASMTirS8S0b+E
XiBg/2kz2qZWsDZUp8sRvb80FpNi0NWq9r4VfRbtezTQuPrR1IfdaDUv
X-Google-Smtp-Source:
AGHT+IEyGn9wXWgoHMXR6yZXtC7OgiL+KHdPzkPIs6XhSrRyZffAzHqdtgOuTuutV10h7dtWWGvp3Q==
X-Received: by 2002:a17:90b:3b49:b0:2fa:562c:c1cf with SMTP id
98e67ed59e1d1-313bfd6dd20mr5375444a91.1.1749743797666;
Thu, 12 Jun 2025 08:56:37 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h=AZMbMZfpiTzycWrHtaqVCBnEFw13/kCIYQsBTVOpsbHMkcXSCw==
Received: by 2002:a17:90b:d8d:b0:311:bf58:2bf4 with SMTP id
98e67ed59e1d1-313bf90fb9els804666a91.0.-pod-prod-00-us; Thu, 12 Jun 2025
08:56:36 -0700 (PDT)
X-Received: by 2002:a17:90b:1d49:b0:311:a5ab:3d47 with SMTP id
98e67ed59e1d1-313bfd7ab92mr5298445a91.1.1749743796163;
Thu, 12 Jun 2025 08:56:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1749743796; cv=none;
d=google.com; s=arc-20240605;
b=fC1jT0QdN7k+wyguOyMOultXdY3fZIOkT4rvd7Ps51bcnaVmvkfhKSue/ZFKay6yI9
pBfoZ9ULua0CGt7v5qafu4h62l1FsvxK4JR9+bR+t0PcnkDDWxqUbYTN/MmieGpXsdOD
qZ85Cklr930Vk+UIAOzptCcYe3eJa5zmUAeYKzknyV23PSAVmkjp+OCLbbc2NL8u9mZg
YTx0Py1PIquNHM+Zo1SHRCdzlW+Nz0Kqs9I8X0myxdxQ2LVCvTanAx+v0RwbvZ88Pvr9
RSjtHyp7dV+zLlhErPK57K2KE85GsU7LEk4l0nXY142v8aNalQep+sTzbBshjGbbXQSW
8KtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=feedback-id:content-transfer-encoding:mime-version:message-id:date
:subject:cc:to:from:dkim-signature;
bh=SrwPlM1jwqALj5n8OeYXhSBIafC8FmFT6RJPeTZPUXk=;
fh=mCWA4AbeJIIx/jB2sZk/ItzTiQhicKuLfQNpyfz1pNQ=;
b=UIPBGLxJ6NfdyPFqtLbxMflBDtRf0vUc/2P0uVxzU0B5btBYJCcEWmql5wJvpsCGTO
ZwHvkDJr/WNG2YIXO84qxuGBCFnfj8w66xe1UU8eGBDZ9gZiRReYNQRsLshXa7E/60Nx
/QjN12Nmzl22Av4cGReoODvr2fedj8K4pxm/SbMZE6T5szwYeFDqx0zth2xfQfRtB06T
YI2n4/CnOLfG4LwhL0Ffb7iJliKoaLbByloDQO01mvJbwq/0NQiioktG3mlk21TFJ6cB
erGnFMr9JgDHyWhTtSaDZHJ4xGnM5xnX4ad45NOH63dtw/NfHBdmI2+wJaLBEgJz4qI+
cSKg==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC;
spf=pass (google.com: domain of
fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-226.siemens.flowmailer.net
(mta-64-226.siemens.flowmailer.net. [185.136.64.226])
by gmr-mx.google.com with ESMTPS id
98e67ed59e1d1-313a68487dbsi236680a91.1.2025.06.12.08.56.35
for <isar-users@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Thu, 12 Jun 2025 08:56:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of
fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226;
Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id
20250612155633a5190c72d4abef53c0
for <isar-users@googlegroups.com>;
Thu, 12 Jun 2025 17:56:33 +0200
From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, Felix Moessbauer <felix.moessbauer@siemens.com>,
Clara Kowalsky <clara.kowalsky@siemens.com>
Subject: [PATCH 1/1] image-accounts: directly pass arguments to openssl
instead of shell
Date: Thu, 12 Jun 2025 17:56:10 +0200
Message-ID: <20250612155610.473593-1-felix.moessbauer@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1321639:519-21489:flowmailer
X-Original-Sender: felix.moessbauer@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC; spf=pass
(google.com: domain of
fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Felix Moessbauer <felix.moessbauer@siemens.com>
Reply-To: Felix Moessbauer <felix.moessbauer@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
[1/1] image-accounts: directly pass arguments to openssl instead of shell
|
expand
|
diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 3c461b1a..25288e76 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -133,7 +133,7 @@ def image_create_users(d: "DataSmart") -> None: source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") command.append("-e") salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] - password = bb.process.run('openssl passwd -6 --salt {} {}'.format(salt, password))[0].strip() + password = bb.process.run(['openssl', 'passwd', '-6', '--salt', salt, password])[0].strip() else: command.append("-e")
When hashing the password, the whole openssl command was passed as a shell string instead of directly passing the individual arguments as-is. Further, the arguments were not shell escaped. By that, passwords containing a string were split into two individual arguments, breaking the command (or silently set a different password if the remainder itself was a valid argument). We fix this by passing the arguments as-is (as list) to bb.process.run. Fixes: 6144daf9 ("image-account-extension: Avoid deprecated crypt...") Reported-by: Clara Kowalsky <clara.kowalsky@siemens.com> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> --- meta/classes/image-account-extension.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)