Do not write passwords to the command log (#3291)

codefiles · web-flow · commit 0e71bcff7831 · 2025-03-22T15:23:18.000+11:00
diff --git a/archinstall/lib/general.py b/archinstall/lib/general.py
@@ -307,21 +307,7 @@ def execute(self) -> bool:
 
 		# https://stackoverflow.com/questions/4022600/python-pty-fork-how-does-it-work
 		if not self.pid:
-			history_logfile = Path(f"{storage['LOG_PATH']}/cmd_history.txt")
-
-			change_perm = False
-			if history_logfile.exists() is False:
-				change_perm = True
-
-			try:
-				with history_logfile.open("a") as cmd_log:
-					cmd_log.write(f"{time.time()} {self.cmd}\n")
-
-				if change_perm:
-					history_logfile.chmod(stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
-			except (PermissionError, FileNotFoundError):
-				# If history_logfile does not exist, ignore the error
-				pass
+			_log_cmd(self.cmd)
 
 			try:
 				os.execve(self.cmd[0], list(self.cmd), {**os.environ, **self.environment_vars})
@@ -456,6 +442,29 @@ def trace_log(self) -> bytes | None:
 		return None
 
 
+def _log_cmd(cmd: list[str]) -> None:
+	history_logfile = Path(f"{storage['LOG_PATH']}/cmd_history.txt")
+
+	change_perm = False
+	if history_logfile.exists() is False:
+		change_perm = True
+
+	try:
+		with history_logfile.open("a") as cmd_log:
+			cmd_log.write(f"{time.time()} {cmd}\n")
+
+		if change_perm:
+			history_logfile.chmod(stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
+	except (PermissionError, FileNotFoundError):
+		# If history_logfile does not exist, ignore the error
+		pass
+
+
+def run(cmd: list[str], input_data: bytes | None = None) -> None:
+	_log_cmd(cmd)
+	subprocess.run(cmd, input=input_data, check=True)
+
+
 def _pid_exists(pid: int) -> bool:
 	try:
 		return any(subprocess.check_output(['ps', '--no-headers', '-o', 'pid', '-p', str(pid)]).strip())
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
@@ -8,6 +8,7 @@
 import time
 from collections.abc import Callable
 from pathlib import Path
+from subprocess import CalledProcessError
 from types import TracebackType
 from typing import TYPE_CHECKING, Any
 
@@ -31,7 +32,7 @@
 
 from .args import arch_config_handler
 from .exceptions import DiskError, HardwareIncompatibilityError, RequirementError, ServiceException, SysCallError
-from .general import SysCommand
+from .general import SysCommand, run
 from .hardware import SysInfo
 from .locale.utils import verify_keyboard_layout, verify_x11_keyboard_layout
 from .luks import Luks2
@@ -1605,14 +1606,12 @@ def user_set_pw(self, user: str, password: str) -> bool:
 			# This means the root account isn't locked/disabled with * in /etc/passwd
 			self.helper_flags['user'] = True
 
-		combo = f'{user}:{password}'
-		echo = shlex.join(['echo', combo])
-		sh = shlex.join(['sh', '-c', echo])
+		cmd = ['arch-chroot', str(self.target), 'chpasswd']
 
 		try:
-			SysCommand(f"arch-chroot {self.target} " + sh[:-1] + " | chpasswd'")
+			run(cmd, input_data=f'{user}:{password}'.encode())
 			return True
-		except SysCallError:
+		except CalledProcessError:
 			return False
 
 	def user_set_shell(self, user: str, shell: str) -> bool:
