Avoid storing password in variable to prevent process listing exposure

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/c18311e4-609d-4edf-a2a1-a018baede373 Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
2026-04-07 18:27:32 +00:00
parent 5a27b79b51
commit 069f6c3ec7
1 changed files with 1 additions and 2 deletions
--- a/modules/core/factory-seal.nix
+++ b/modules/core/factory-seal.nix
@@ -121,8 +121,7 @@ EOF

      # If the free password has been changed from the factory default, no warning needed
      if [ -f /var/lib/secrets/free-password ]; then
-        CURRENT=$(cat /var/lib/secrets/free-password)
-        [ "$CURRENT" != "free" ] && exit 0
+        [ "$(cat /var/lib/secrets/free-password)" != "free" ] && exit 0
      fi

      # No flags at all + secrets exist = legacy (pre-seal era) machine