search

pyinvoke / invoke

Pythonic task management & command execution.
http://pyinvoke.org
BSD 2-Clause "Simplified" License
4.31k stars 365 forks source link

Sudo showing password in clear #998

Open Cc618 opened 2 weeks ago

Cc618 commented 2 weeks ago

On Debian 12, Context.sudo shows the password in clear.

Task:

from invoke import task

@task
def test(c):
    c.run("whoami")
    c.sudo("whoami", pty=True)

Bug:

$ inv test
user
[sudo] password: <shows my password in clear>
Sorry, try again.
root
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/invoke/context.py", line 215, in _sudo
    return runner.run(cmd_str, watchers=watchers, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/runners.py", line 376, in run
    return self._run_body(command, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/runners.py", line 432, in _run_body
    return self.make_promise() if self._asynchronous else self._finish()
                                                          ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/runners.py", line 493, in _finish
    raise Failure(result, reason=watcher_errors[0])
invoke.exceptions.Failure: Command was not fully executed due to watcher error.
=== stdout ===
root

=== stderr ===
[sudo] password: Sorry, try again.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/inv", line 33, in <module>
    sys.exit(load_entry_point('invoke==2.0.0', 'console_scripts', 'inv')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/program.py", line 380, in run
    self.execute()
  File "/usr/lib/python3/dist-packages/invoke/program.py", line 565, in execute
    executor.execute(*self.tasks)
  File "/usr/lib/python3/dist-packages/invoke/executor.py", line 127, in execute
    result = call.task(*args, **call.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/tasks.py", line 115, in __call__
    result = self.body(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/tasks.py", line 7, in test
    c.sudo("whoami")
  File "/usr/lib/python3/dist-packages/invoke/context.py", line 170, in sudo
    return self._sudo(runner, command, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/invoke/context.py", line 227, in _sudo
    raise error
invoke.exceptions.AuthFailure: The password submitted to prompt '[sudo] password: ' was rejected.

Note that the command is executed correctly but we receive an AuthFailure