On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:

> On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:
> > On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:
> >
> > > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > > > I have a script. It contains an important password.
> > >
> > > If you cat /usr/local/bin/myscript do you see your important
> > > password on the screen?
> >
> > With the unencrypted file - yes. With the encrypted file - no.
> >
> > > > I have encrypted the script with
> > > >
> > > > scrypt [enc] -t 10 /usr/local/bin/myscript
> > > >
> > > > I can, of course, decrypt it with
> > > >
> > > > scrypt dec /usr/local/bin/myscript
> > > >
> > > > and then execute the script.
> > > >
> > > > The two last steps have been combined into
> > > >
> > > > DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > > >
> > > > Should I have any more concerns with this command than I have with the
> > > > two-step process?
> > >
> > > If so, then won't the password be revealed by ps while eval is
> > > evaluating it?
> >
> > I do not know the most efficacious way to see the ps output in real time
> > as eval runs. With a bit of trial and error (scrypt is slow enough to
> > switch to another console and use ps) I captured
> >
> > 23266 pts/7 R+ 0:00 mpw -q -F -M
> > -t railcard
> >
> > in its output. mpw is the basic command executed by myscript. Switches
> > are shown but not parameters. -M is the very important one. The gap
> > would be occupied by the passphrase.
> >
> > Is it possible that ps output does not show parameters to switches?
>
> Not AFAIK. Here, I can see lines in the list such as:

Then I do not understand why parameters are not shown. Maybe they come
later in the output? I can foresee a few sleepless nights trying to
figure this out. :)

At this juncture it appears I should have no worries about ps revealing
the secret.

> 1247 ? Ss 0:00 wpa_supplicant -B -i wlp2s0 -c
> /var/lib/wicd/configurations/44xxfcxxxxxx -Dwext
> 1706 tty1 S 0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm
> *Page: 3 1
>
> As you can see, I've mangled the MAC of my router that would be revealed
> otherwise.
>
> And I wouldn't like to rely on winning a race with ps to avoid capture
> of information exposed in my command lines.

I am not after winning any races but (seeing as you brought the issue
up) knowing whether ps sees my secret and how to go about finding that
out.

--
Brian.
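
On the closing question of how to find out whether ps sees the secret, here is an added example that is not part of the thread: on Linux, ps takes each process's arguments from /proc/<pid>/cmdline, so the check can read that file for the started command instead of racing ps from another console. The passphrase, the `demo` stand-in command and both script strings are constructed for illustration; `eval` itself is a shell builtin and adds nothing to any argv, so what matters is how the commands inside the evaluated text receive the secret.

```shell
#!/bin/sh
# Added example (Linux only): ps reads arguments from /proc/<pid>/cmdline.
SECRET='constructed-passphrase-123'   # constructed sample, not a real secret

# Constructed stand-ins for the decrypted script text. "sh -c ... demo" plays
# the external command and sleeps so that it can be inspected while running.
AS_ARG='sh -c "sleep 2; :" demo -M "$SECRET" & child=$!'
AS_STDIN='printf "%s\n" "$SECRET" | sh -c "read -r pw; sleep 2; :" demo & child=$!'

# Print the argument vector of PID $1 as ps reads it (NUL separators -> spaces).
argv_of() { tr '\0' ' ' < "/proc/$1/cmdline"; }

# Eval script text $1 as in the thread's one-liner; return 0 if the secret
# shows up in the argv of the command it started, 1 otherwise.
exposed() {
    eval "$1"
    sleep 1                      # let the child finish exec before looking
    case $(argv_of "$child") in
        *"$SECRET"*) r=0 ;;
        *)           r=1 ;;
    esac
    wait "$child"
    return "$r"
}

report() {
    if exposed "$2"; then echo "$1: secret visible in argv"
    else echo "$1: secret not in argv"; fi
}

report "passed as argument" "$AS_ARG"
report "passed on stdin" "$AS_STDIN"
```

To apply the same check to a real script, read /proc/<pid>/cmdline of the command it launches while that command is still running.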