From f53015157d773b484e30a74868e379c0b24c17ae Mon Sep 17 00:00:00 2001 From: Kyle Kurz Date: Wed, 14 Apr 2021 12:13:01 -0400 Subject: [PATCH] Issue #824 - Don't log password (#825) When setting the password, explicitly disable bash logging. Leave the re-enable code so that other functions work as expected. Additionally, do not remove the print in generate_password so randomly generated passwords are still logged for user consistency. Signed-off-by: Kyle Kurz --- bash_functions.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/bash_functions.sh b/bash_functions.sh index 886ff65..cb66c62 100644 --- a/bash_functions.sh +++ b/bash_functions.sh @@ -230,17 +230,14 @@ setup_web_password() { setup_var_exists "WEBPASSWORD" && return PASS="$1" - # Turn bash debug on while setting up password (to print it) + # Explicitly turn off bash printing when working with secrets + { set +x; } 2>/dev/null + if [[ "$PASS" == "" ]] ; then echo "" | pihole -a -p else - echo "Setting password: ${PASS}" - set -x pihole -a -p "$PASS" "$PASS" fi - # Turn bash debug back off after print password setup - # (subshell to null hides printing output) - { set +x; } 2>/dev/null # To avoid printing this if conditional in bash debug, turn off debug above.. # then re-enable debug if necessary (more code but cleaner printed output)
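Review bot: The `{ set +x; } 2>/dev/null` guard is added after `PASS="$1"`, so if the caller has xtrace on, that assignment is still traced with the password expanded before tracing is switched off; moving the guard to the first line of `setup_web_password`, above `PASS="$1"`, closes that gap. The non-empty branch also still runs `pihole -a -p "$PASS" "$PASS"`, which puts the secret in the process argument list, where other processes on the same host can read it while the command runs. If `pihole -a -p` accepts a non-empty password on stdin the way the empty branch feeds it (not visible in this hunk), something like `printf '%s\n%s\n' "$PASS" "$PASS" | pihole -a -p` would keep it off argv. The function continues past the end of the hunk, where the re-enable logic lives, and the call site that passes the password in is also outside it and may itself be traced.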