On Tue, 25 Feb 2014 07:07:30 +0100 Dsant <forum@votreservice.com> wrote:
I would like to write a bash script to manage some passwords (cat /dev/urandom, grep, awk...).
What advice would you give, so that these passwords cannot be seen by others during the script execution?
* should I use files? (easy: chmod 600)
* use variables, is it safe?
* Is there a risk they could be visible in bash history?
* some other good practices?
Here's what I have done in the past: I use files. Anything on the command line can possibly be seen with the "ps" command. And I would not trust environment variables, either.

There's a timing problem with "chmod 600". Potentially an attacker could access the file before the chmod. Here's a segment of a script I have used:

---- cut here ----
TEMP=/tmp/mhpgp.$$
umask 077
mkdir $TEMP || exit 1
trap "rm -rf $TEMP" 0 1 2 15
---- end cut ----

I create a directory, and put all files in that directory. Notice the "umask" before creating the directory. That avoids the timing problem, as it is created with restrictive permissions. The "|| exit 1" aborts the script if the temp directory cannot be created (has never happened in my experience). The "trap" is supposed to make sure that the directory and contents are removed at the end of the script.

Before ending the script, I use something like

---- cut here ----
dd if=/dev/zero of=$TEMP/filename count=5 conv=notrunc
---- end cut ----

The count= should be long enough to cover the size of the file. That overwrites the file with zeros. Because of the "notrunc", it should overwrite the existing disk sectors, instead of freeing them and using new ones. This is only needed for files with sensitive information.

If you are using encrypted "/tmp" or encrypted swap and mounting "/tmp" as tmpfs, that is even better. If you are using encrypted "/home" but not encrypted "/tmp", you might want to put the temp files under "/home".

No guarantees that this is foolproof, but it avoids some of the more obvious problems.
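The umask/mkdir/trap pattern and the zero-overwrite step from the reply above, written out as a runnable POSIX sh script with a permission check and a file-size-derived overwrite instead of a guessed count=. This is an added example, not code from the thread; the directory name, the function names and the sample secret are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): private working directory for
# secrets, a permission check, and in-place zero-overwrite before removal.

umask 077   # everything created from here on is owner-only (700 / 600)

# Create the private directory. mkdir does not follow symlinks and fails
# if the path already exists, so a planted name aborts via "|| return 1".
make_secret_dir() {
    dir="${TMPDIR:-/tmp}/secrets.$$"     # constructed name, like mhpgp.$$
    mkdir "$dir" || return 1
    printf '%s\n' "$dir"
}

# Return 0 if the path has exactly the given octal mode (e.g. 700, 600).
has_mode() {
    find "$1" -prune -perm "$2" | grep -q .
}

# Overwrite a file in place with zeros. conv=notrunc keeps the existing
# blocks; the byte count comes from the file instead of a guessed count=.
zero_fill() {
    size=$(wc -c < "$1" | tr -d ' ') || return 1
    dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
}

# Count non-zero bytes, to confirm the overwrite actually happened.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Zero-fill every regular file in the directory, then remove the tree.
wipe_secret_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] && zero_fill "$f"
    done
    rm -rf "$1"
}

# End-to-end demo (run with --demo): the trap wipes the directory on exit
# and on HUP/INT/TERM, as in the original script.
demo() {
    d=$(make_secret_dir) || exit 1
    trap 'wipe_secret_dir "$d"' 0 1 2 15
    printf 'hunter2-demo-password\n' > "$d/pw"   # constructed sample secret
    has_mode "$d" 700 && has_mode "$d/pw" 600 && echo "private: ok"
}

case "${1:-}" in --demo) demo ;; esac
```

Note that conv=notrunc only reuses the original blocks on filesystems that write in place; copy-on-write filesystems, journaling, snapshots and SSD wear-levelling can leave the old contents elsewhere, which is why encrypted /tmp or a tmpfs /tmp is the stronger option.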