fix: prevent password leakage in ModifyPasswd

Replace usermod -p with chpasswd -e and pass password via stdin instead of
command line arguments to avoid exposing passwords in process listings.

Signed-off-by: ComixHe <heyuming@deepin.org>

Author: ComixHe

accounts1/users/manager.go

@@ -19,6 +19,7 @@ const (
 	userCmdDelete = "userdel"
 	userCmdModify = "usermod"
 	userCmdGroup  = "gpasswd"
+	pwdCmdModify  = "chpasswd"
 
 	cmdGroupDel = "groupdel"
 	cmdChAge    = "chage"

accounts1/users/prop.go

@@ -180,7 +180,19 @@ func ModifyPasswd(words, username string) error {
 		return errInvalidParam
 	}
 
-	return doAction(userCmdModify, []string{"-p", words, username})
+	cmd := exec.Command(pwdCmdModify, "-e")
+	input := fmt.Sprintf("%s:%s\n", username, words)
+	cmd.Stdin = bytes.NewBufferString(input)
+
+	var stderr bytes.Buffer
+	cmd.Stderr = &stderr
+
+	err := cmd.Run()
+	if err != nil {
+		return fmt.Errorf("failed to modify password: %v, %s", err, stderr.String())
+	}
+
+	return nil
 }
 
 func ModifyMaxPasswordAge(username string, nDays int) error {