On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:

> On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > I have a script. It contains an important password.
> 
> If you   cat /usr/local/bin/myscript   do you see your important
> password on the screen?

With the unencrypted file - yes. With the encrypted file - no.
> 
> > I have encrypted the script with
> > 
> >   scrypt [enc] -t 10 /usr/local/bin/myscript
> > 
> > I can, of course, decrypt it with
> > 
> >   scrypt dec /usr/local/bin/myscript
> > 
> > and then execute the script.
> > 
> > The two last steps have been combined into
> > 
> >   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > 
> > Should I have any more concerns with this command than I have with the
> > two-step process?
> 
> If so, then won't the password be revealed by ps while eval is
> evaluating it?

I do not know the most efficacious way to see the ps output in real time
as eval runs. With a bit of trial and error (scrypt is slow enough to
switch to another console and use ps) I captured

23266 pts/7    R+     0:00 mpw -q -F     -M                                     
  -t     railcard

in its output. mpw is the basic command executed by myscript. Switches
are shown but not parameters. -M is the very important one. The gap
would be occupied by the passphrase.

Is it possible that ps output does not show parameters to switches?

-- 
Brian.
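
On Linux, ps takes a process's arguments from /proc/PID/cmdline, which other local users can normally read. The script below is an added example, not part of the original message: it compares what that file shows when a secret is passed as an argument and when it is fed on standard input. The `worker` name, the passphrase value and the stdin variant are constructed stand-ins; only the -M switch comes from the thread.

```shell
#!/bin/sh
# Added example (constructed): what an observer can read from a child's
# command line when a secret is an argument versus when it arrives on stdin.

SECRET='constructed-passphrase'   # constructed sample value, not from the thread

# Print the argument vector of PID on one line.
# /proc/PID/cmdline holds argv with NUL separators; ps reads the same data.
argv_of() {
    tr '\0' ' ' < "/proc/$1/cmdline"
    echo
}

# Stand-in for the real command, with the secret passed after -M.
# The loop keeps the child alive (and stops sh from exec'ing sleep directly).
seen_with_arg() {
    sh -c 'while :; do sleep 1; done' worker -M "$SECRET" >/dev/null 2>&1 &
    pid=$!
    sleep 1                        # give the child time to exec
    argv_of "$pid"
    kill "$pid"
    wait "$pid" 2>/dev/null || true
}

# Same stand-in, but the secret is read from stdin and never enters argv.
seen_with_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; while :; do sleep 1; done' worker >/dev/null 2>&1 &
    pid=$!                         # PID of the last command in the pipeline
    sleep 1
    argv_of "$pid"
    kill "$pid"
    wait "$pid" 2>/dev/null || true
}

echo "secret as argument: $(seen_with_arg)"
echo "secret on stdin:    $(seen_with_stdin)"
```

A program can overwrite its own argv after start-up, which leaves blanks in later ps output, but the original value is readable until it does so.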
