On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> On 04/20/18 12:38, Brian wrote:
> >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
>
> On 04/21/18 09:36, David Wright wrote:
> >If so, then won't the password be revealed by ps while eval is
> >evaluating it?
>
> Apparently, not:
>
> 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> $ cat environment-var-ps
> CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> ps -f
>
> 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> $ dash environment-var-ps
> hello
> UID        PID  PPID  C STIME TTY          TIME CMD
> dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> dpchrist  2541  1681  0 13:02 pts/1    00:00:00 dash environment-var-ps
> dpchrist  2542  2541  0 13:02 pts/1    00:00:00 dash environment-var-ps
> dpchrist  2543  2541  0 13:02 pts/1    00:00:00 ps -f
> dpchrist  2544  2542  0 13:02 pts/1    00:00:00 sleep 3
>
> 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> $ world!
>
>
> 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> $ bash environment-var-ps
> hello
> UID        PID  PPID  C STIME TTY          TIME CMD
> dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> dpchrist  2556  1681  0 13:03 pts/1    00:00:00 bash environment-var-ps
> dpchrist  2557  2556  0 13:03 pts/1    00:00:00 bash environment-var-ps
> dpchrist  2558  2556  0 13:03 pts/1    00:00:00 ps -f
> dpchrist  2559  2557  0 13:03 pts/1    00:00:00 sleep 3
>
> 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> $ world!

That just demonstrates a race between "echo hello" and ps. Echo won,
so all ps saw was the sleep command. What you need in $CMD is a
command that's slow to execute and loses the race:

wren!david 20:52:56 /tmp $ cat testing.sh
CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval "$CMD" && echo world! &
ps -f
wren!david 20:53:01 /tmp $ bash testing.sh
hello
UID        PID  PPID  C STIME TTY          TIME CMD
david     1591  1587  0 08:54 pts/4    00:00:00 bash
david    11553  1591  0 20:53 pts/4    00:00:00 bash testing.sh
david    11554 11553  0 20:53 pts/4    00:00:00 bash testing.sh
david    11555 11553  0 20:53 pts/4    00:00:00 ps -f
david    11556 11554  0 20:53 pts/4    00:00:00 dd bs=1M if=/dev/urandom of=/dev/null count=100
wren!david 20:53:04 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.582277 s, 180 MB/s
world!

wren!david 20:53:07 /tmp $ dash testing.sh
hello
UID        PID  PPID  C STIME TTY          TIME CMD
david     1591  1587  0 08:54 pts/4    00:00:00 bash
david    11562  1591  0 20:53 pts/4    00:00:00 dash testing.sh
david    11563 11562  0 20:53 pts/4    00:00:00 dash testing.sh
david    11564 11562  0 20:53 pts/4    00:00:00 ps -f
david    11565 11563  0 20:53 pts/4    00:00:00 dd bs=1M if=/dev/urandom of=/dev/null count=100
wren!david 20:53:11 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.564181 s, 186 MB/s
world!

wren!david 20:53:12 /tmp $

Cheers,
David.
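
An added example, not part of the thread: a shell check that removes the race by waiting until the command started through eval is actually running, then reads its argument vector the way ps does. It compares a secret interpolated into the command string with the same secret passed on stdin. SECRET is a constructed placeholder, WORKER, argv_of and exposed are hypothetical names, and a readable /proc or a POSIX ps is assumed.

```shell
#!/bin/sh
# Added example. SECRET is a constructed placeholder; WORKER, argv_of and
# exposed are hypothetical names, not code from the thread.
SECRET='constructed-example-secret'
DIR=$(mktemp -d) && READY="$DIR/ready"
trap 'rm -rf "$DIR"' EXIT

# Stand-in for a slow external tool: reads a line from stdin, creates the
# file named by $1 to signal that it is running, then idles. The trailing
# ':' stops the shell from exec'ing sleep and replacing its own argv.
WORKER='read -r pw; : > "$1"; sleep 2; :'

# Secret interpolated into the command string: it ends up in the child's argv.
ON_ARGV="exec sh -c '$WORKER' worker '$READY' '$SECRET'"
# Same tool, secret expected on stdin: argv carries only the marker path.
ON_STDIN="exec sh -c '$WORKER' worker '$READY'"

# Argument vector of PID as other processes read it (the CMD column of ps -f).
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# eval command string $1 in the background with $2 on stdin, wait until the
# worker is running, and succeed only if SECRET is visible in its argv.
# The "exec" in the strings makes $! the worker itself, so nothing races.
exposed() {
    rm -f "$READY"
    printf '%s\n' "$2" | eval "$1" >/dev/null 2>&1 &
    pid=$!
    tries=0
    while [ ! -e "$READY" ] && [ "$tries" -lt 50 ]; do
        sleep 0.1; tries=$((tries + 1))
    done
    seen=$(argv_of "$pid")
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    case $seen in *"$SECRET"*) return 0 ;; *) return 1 ;; esac
}

exposed "$ON_ARGV" ''         && echo "argv:  secret visible to ps"
exposed "$ON_STDIN" "$SECRET" || echo "stdin: secret not visible to ps"
```

The variable handed to eval never appears in the process table by itself; what ps shows is the argv of whatever external command the evaluated text starts, for as long as that command runs.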