C23 provides memset_explicit() to ensure memory containing sensitive data is cleared.[1] Using a function like this is necessary to avoid compilers optimizing out the operation. Of course, bash isn't optimizing your script for you, but consider this kind of naive solution:

    $ IFS='' read -e -r -s -p 'password: ' password
    password:
    $ printf '|%s|\n' "${password}"
    |abc123|
    $ printf -v password '%*s' "${#password}" ''
    $ printf '|%s|\n' "${password}"
    |      |

Does bash malloc new memory for the variable every time it's set? If so, I'd imagine the memory storing the prior version of the variable is free'd, but continues to contain the sensitive data. Bash is malloc'ing and free'ing constantly, to do everything.

How difficult would it be to ensure that the value of the password variable -- as expanded in the calls to 'printf', for instance -- is also cleared from wherever else it might've been stored, after the command has executed?

Maybe this could be done with a new variable attribute set with 'declare'. And then bash would have to ensure that the memory from everywhere the variable gets set or expanded is also erased after use, and then the contents of the variable itself are erased when the variable is unset or as the script exits.

Would this be worthwhile at all?

[1]: https://www.gnu.org/software/gnulib/manual/html_node/memset_005fexplicit.html
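
The wipe-before-free discipline the message describes, as an added C example that is not part of the original message and is not bash's code. The `secret_var` struct and the `secret_*` functions are hypothetical names, and a volatile function pointer stands in for `memset_explicit()` where C23 is not available. It covers only the variable's own buffer, not the copies made during expansion that the message asks about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for C23 memset_explicit(): calling memset through a volatile
 * function pointer stops the compiler from eliding it as a dead store. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

/* Hypothetical "sensitive" variable: its value and the buffer's size. */
struct secret_var { char *val; size_t cap; };

/* Zero the current buffer in place; it stays allocated. */
static void secret_clear(struct secret_var *v)
{
    if (v->val != NULL) memset_fn(v->val, 0, v->cap);
}

/* Assign a new value; the old buffer is zeroed before free(). */
static int secret_set(struct secret_var *v, const char *s)
{
    size_t n = strlen(s) + 1;
    char *nv = malloc(n);
    if (nv == NULL) return -1;
    memcpy(nv, s, n);
    secret_clear(v);          /* wipe the previous value first */
    free(v->val);             /* only then hand it back to the allocator */
    v->val = nv;
    v->cap = n;
    return 0;
}

/* Number of non-zero bytes still held in the live buffer. */
static size_t secret_residue(const struct secret_var *v)
{
    size_t left = 0;
    for (size_t i = 0; i < v->cap; i++)
        left += (v->val[i] != 0);
    return left;
}

int main(void)
{
    struct secret_var pw = { NULL, 0 };
    if (secret_set(&pw, "abc123") != 0) return 1;  /* constructed sample */
    secret_clear(&pw);
    printf("non-zero bytes after clear: %zu\n", secret_residue(&pw));
    free(pw.val);
    return 0;
}
```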