Re: encryption

To: debian-user@lists.debian.org
Subject: Re: encryption
From: David Wright <deblis@lionunicorn.co.uk>
Date: Sat, 21 Apr 2018 20:56:43 -0500
Message-id: <[🔎] 20180422015643.GA20493@alum>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 4438ae4b-6a81-05b9-b56e-56c10bdbfdc5@holgerdanske.com>
References: <[🔎] 20042018201750.130d9143617e@desktop.copernicus.org.uk> <[🔎] 20180421163605.GA8694@alum> <[🔎] 4438ae4b-6a81-05b9-b56e-56c10bdbfdc5@holgerdanske.com>

On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> On 04/20/18 12:38, Brian wrote:
> >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> 
> On 04/21/18 09:36, David Wright wrote:
> >If so, then won't the password be revealed by ps while eval is
> >evaluating it?
> 
> Apparently, not:
> 
> 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> $ cat environment-var-ps
> CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> ps -f
> 
> 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> $ dash environment-var-ps
> hello
> UID        PID  PPID  C STIME TTY          TIME CMD
> dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> dpchrist  2541  1681  0 13:02 pts/1    00:00:00 dash environment-var-ps
> dpchrist  2542  2541  0 13:02 pts/1    00:00:00 dash environment-var-ps
> dpchrist  2543  2541  0 13:02 pts/1    00:00:00 ps -f
> dpchrist  2544  2542  0 13:02 pts/1    00:00:00 sleep 3
> 
> 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> $ world!
> 
> 
> 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> $ bash environment-var-ps
> hello
> UID        PID  PPID  C STIME TTY          TIME CMD
> dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> dpchrist  2556  1681  0 13:03 pts/1    00:00:00 bash environment-var-ps
> dpchrist  2557  2556  0 13:03 pts/1    00:00:00 bash environment-var-ps
> dpchrist  2558  2556  0 13:03 pts/1    00:00:00 ps -f
> dpchrist  2559  2557  0 13:03 pts/1    00:00:00 sleep 3
> 
> 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> $ world!

That just demonstrates a race between "echo hello" and ps.
Echo won, so all ps saw was the sleep command. What you need in $CMD
is a command that's slow to execute and loses the race:

wren!david 20:52:56 /tmp $ cat testing.sh 
CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval "$CMD" && echo world! &
ps -f
wren!david 20:53:01 /tmp $ bash testing.sh 
hello
UID        PID  PPID  C STIME TTY          TIME CMD
david     1591  1587  0 08:54 pts/4    00:00:00 bash
david    11553  1591  0 20:53 pts/4    00:00:00 bash testing.sh
david    11554 11553  0 20:53 pts/4    00:00:00 bash testing.sh
david    11555 11553  0 20:53 pts/4    00:00:00 ps -f
david    11556 11554  0 20:53 pts/4    00:00:00 dd bs=1M if=/dev/urandom of=/dev/null count=100
wren!david 20:53:04 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.582277 s, 180 MB/s
world!

wren!david 20:53:07 /tmp $ dash testing.sh 
hello
UID        PID  PPID  C STIME TTY          TIME CMD
david     1591  1587  0 08:54 pts/4    00:00:00 bash
david    11562  1591  0 20:53 pts/4    00:00:00 dash testing.sh
david    11563 11562  0 20:53 pts/4    00:00:00 dash testing.sh
david    11564 11562  0 20:53 pts/4    00:00:00 ps -f
david    11565 11563  0 20:53 pts/4    00:00:00 dd bs=1M if=/dev/urandom of=/dev/null count=100
wren!david 20:53:11 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.564181 s, 186 MB/s
world!

wren!david 20:53:12 /tmp $ 

Cheers,
David.

Reply to:

Follow-Ups:
- Re: encryption
  - From: Brian <ad44@cityscape.co.uk>
- Re: encryption
  - From: David Christensen <dpchrist@holgerdanske.com>

References:
- encryption
  - From: Brian <ad44@cityscape.co.uk>
- Re: encryption
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: encryption
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: X does not work in Debian 9.4
Next by Date: Re: encryption
Previous by thread: Re: encryption
Next by thread: Re: encryption
Index(es):
- Date
- Thread