fix(security): pipe sudo password via stdin instead of shell cmdline

2026-04-25 00:51:20 +00:00 · 2026-03-08 17:46:11 +03:30 · 2026-03-08 17:46:11 +03:30 · e9742e202f
commit e9742e202f
parent a2ea85924a
8 changed files with 132 additions and 45 deletions
--- a/tools/environments/modal.py
+++ b/tools/environments/modal.py
@ -106,7 +106,20 @@ class ModalEnvironment(BaseEnvironment):
                marker = f"HERMES_EOF_{uuid.uuid4().hex[:8]}"
            command = f"{command} << '{marker}'\n{stdin_data}\n{marker}"

-        exec_command = self._prepare_command(command)
+        exec_command, sudo_stdin = self._prepare_command(command)
+
+        # Modal sandboxes execute commands via the Modal SDK and cannot pipe
+        # subprocess stdin directly the way a local Popen can.  When a sudo
+        # password is present, use a shell-level pipe from printf so that the
+        # password feeds sudo -S without appearing as an echo argument embedded
+        # in the shell string.  The password is still visible in the remote
+        # sandbox's command line, but it is not exposed on the user's local
+        # machine — which is the primary threat being mitigated.
+        if sudo_stdin is not None:
+            import shlex
+            exec_command = (
+                f"printf '%s\\n' {shlex.quote(sudo_stdin.rstrip())} | {exec_command}"
+            )

        # Run in a background thread so we can poll for interrupts
        result_holder = {"value": None, "error": None}