On Sat 21 Apr 2018 at 20:56:43 -0500, David Wright wrote:

> On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> > On 04/20/18 12:38, Brian wrote:
> > >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> >
> > On 04/21/18 09:36, David Wright wrote:
> > >If so, then won't the password be revealed by ps while eval is
> > >evaluating it?
> >
> > Apparently, not:
> >
> > 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> > $ cat environment-var-ps
> > CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> > ps -f
> >
> > 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> > $ dash environment-var-ps
> > hello
> > UID        PID  PPID  C STIME TTY          TIME CMD
> > dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> > dpchrist  2541  1681  0 13:02 pts/1    00:00:00 dash environment-var-ps
> > dpchrist  2542  2541  0 13:02 pts/1    00:00:00 dash environment-var-ps
> > dpchrist  2543  2541  0 13:02 pts/1    00:00:00 ps -f
> > dpchrist  2544  2542  0 13:02 pts/1    00:00:00 sleep 3
> >
> > 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> > $ world!
> >
> >
> > 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> > $ bash environment-var-ps
> > hello
> > UID        PID  PPID  C STIME TTY          TIME CMD
> > dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> > dpchrist  2556  1681  0 13:03 pts/1    00:00:00 bash environment-var-ps
> > dpchrist  2557  2556  0 13:03 pts/1    00:00:00 bash environment-var-ps
> > dpchrist  2558  2556  0 13:03 pts/1    00:00:00 ps -f
> > dpchrist  2559  2557  0 13:03 pts/1    00:00:00 sleep 3
> >
> > 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> > $ world!
>
> That just demonstrates a race between "echo hello" and ps.
> Echo won, so all ps saw was the sleep command. What you need in $CMD
> is a command that's slow to execute and loses the race:
>
> wren!david 20:52:56 /tmp $ cat testing.sh
> CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval
> "$CMD" && echo world! &
> ps -f
> wren!david 20:53:01 /tmp $ bash testing.sh
> hello

[...]

I reduced the contents of myscript to its one essential line:

mpw -M "secret" "railcard"

Then

brian@desktop:~$ echo hello && eval /home/brian/myscript && echo world! & sleep 2 && ps -f
[1] 2049
hello
hYM@ei0tSL1rOZRmYD4:
UID PID PPID C STIME TTY TIME CMD
brian 1106 1070 0 14:27 pts/2 00:00:00 -bash
brian 2049 1106 0 16:15 pts/2 00:00:00 -bash
brian 2051 2049 0 16:15 pts/2 00:00:00 /bin/bash /home/brian/myscript
brian 2052 2051 89 16:15 pts/2 00:00:01 mpw -M railcard
brian 2053 1106 0 16:15 pts/2 00:00:00 ps -f
brian@desktop:~$ world!

sleep is needed because mpw itself uses scrypt to generate a password
and is slow. -M should be followed by the secret. It is not revealed by
ps while eval is evaluating it. I do not know why. Perhaps it has
something to do with the way mpw processes the command.

-- 
Brian.
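
The check this thread is circling, as an added example that is not part of any poster's message: on Linux it runs a slow helper once with a secret embedded in an eval'd command line and once with the same secret fed on stdin, then reads /proc/PID/cmdline (the data ps displays) to see whether the secret is exposed. The secret value, the `holder` name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, Linux only: relies on /proc/PID/cmdline, which ps also reads.
SECRET='constructed-secret-123'   # constructed sample value, not a real password

# Print the argv of process $1 with NUL separators turned into spaces.
argv_of() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline"
}

# Wait until background process $1 has exec'd (its argv is non-empty and no
# longer a copy of this script's), then report whether $SECRET is in its argv.
secret_visible() {
    pid=$1 tries=0 self=$(argv_of "$$") seen=
    while [ "$tries" -lt 50 ]; do
        seen=$(argv_of "$pid")
        [ -n "$seen" ] && [ "$seen" != "$self" ] && break
        sleep 0.1
        tries=$((tries + 1))
    done
    case "$seen" in
        *"$SECRET"*) echo yes ;;
        *)           echo no ;;
    esac
}

# Case 1: the thread's pattern, eval of a command line that embeds the secret.
# "exec" keeps the helper on the PID in $!; "holder" is a hypothetical $0.
via_argv() {
    CMD="exec sh -c 'sleep 2; :' holder \"$SECRET\""
    eval "$CMD" >/dev/null 2>&1 &
    secret_visible "$!"
    kill "$!" 2>/dev/null || true
}

# Case 2: same helper, but the secret arrives on stdin and never enters argv.
via_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r s; sleep 2; :' holder >/dev/null 2>&1 &
    secret_visible "$!"
    kill "$!" 2>/dev/null || true
}

echo "secret in argv via eval:  $(via_argv)"
echo "secret in argv via stdin: $(via_stdin)"
```

A program that overwrites its own argv after start-up would also report `no` once it has done so, but the argument remains readable in the window before that happens.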