On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote: > On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote: > > > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote: > > > T have a script. It contains an important password. > > > > If you cat /usr/local/bin/myscript do you see your important > > password on the screen? > > With the unencrypted file - yes. With the encrypted file -no. > > > > > I have encrypted the script with > > > > > > scrypt [enc] -t 10 /usr/local/bin/myscript > > > > > > I can, of course, decrypt it with > > > > > > scrypt dec /usr/local/bin/myscript > > > > > > and then execute the script. > > > > > > The two last steps have been combined into > > > > > > DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT" > > > > > > Should I have any more concerns with this command than I have with the > > > two-step process? > > > > If so, then won't the password be revealed by ps while eval is > > evaluating it? > > I do not know the most efficacious way to see the ps output in real time > as eval runs. With a bit of trial and error (scrypt is slow enough to > switch to another console and use ps) I captured > > 23266 pts/7 R+ 0:00 mpw -q -F -M > -t railcard > > in its output. mpw is the basic command executed by myscript. Switches > are shown but not parameters. -M is the very important one. The gap > would be occupied by the passphrase. > > Is it possible that ps output does not show parameters to switches?
Not AFAIK. Here, I can see lines in the list such as: 1247 ? Ss 0:00 wpa_supplicant -B -i wlp2s0 -c /var/lib/wicd/configurations/44xxfcxxxxxx -Dwext 1706 tty1 S 0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm *Page: 3 1 As you can see, I've mangled the MAC of my router that would be revealed otherwise. And I wouldn't like to rely on winning a race with ps to avoid capture of information exposed in my command lines. Cheers, David.