Re: encryption
On Sat 21 Apr 2018 at 20:56:43 -0500, David Wright wrote:
> On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> > On 04/20/18 12:38, Brian wrote:
> > >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> >
> > On 04/21/18 09:36, David Wright wrote:
> > >If so, then won't the password be revealed by ps while eval is
> > >evaluating it?
> >
> > Apparently, not:
> >
> > 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> > $ cat environment-var-ps
> > CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> > ps -f
> >
> > 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> > $ dash environment-var-ps
> > hello
> > UID PID PPID C STIME TTY TIME CMD
> > dpchrist 1681 1268 0 11:42 pts/1 00:00:00 -bash
> > dpchrist 2541 1681 0 13:02 pts/1 00:00:00 dash environment-var-ps
> > dpchrist 2542 2541 0 13:02 pts/1 00:00:00 dash environment-var-ps
> > dpchrist 2543 2541 0 13:02 pts/1 00:00:00 ps -f
> > dpchrist 2544 2542 0 13:02 pts/1 00:00:00 sleep 3
> >
> > 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> > $ world!
> >
> >
> > 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> > $ bash environment-var-ps
> > hello
> > UID PID PPID C STIME TTY TIME CMD
> > dpchrist 1681 1268 0 11:42 pts/1 00:00:00 -bash
> > dpchrist 2556 1681 0 13:03 pts/1 00:00:00 bash environment-var-ps
> > dpchrist 2557 2556 0 13:03 pts/1 00:00:00 bash environment-var-ps
> > dpchrist 2558 2556 0 13:03 pts/1 00:00:00 ps -f
> > dpchrist 2559 2557 0 13:03 pts/1 00:00:00 sleep 3
> >
> > 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> > $ world!
>
> That just demonstrates a race between "echo hello" and ps.
> Echo won, so all ps saw was the sleep command. What you need in $CMD
> is a command that's slow to execute and loses the race:
>
> wren!david 20:52:56 /tmp $ cat testing.sh
> CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval "$CMD" && echo world! &
> ps -f
> wren!david 20:53:01 /tmp $ bash testing.sh
> hello
[...]
I reduced the contents of myscript to its one essential line:
mpw -M "secret" "railcard"
Then
brian@desktop:~$ echo hello && eval /home/brian/myscript && echo world! & sleep 2 && ps -f
[1] 2049
hello
hYM@ei0tSL1rOZRmYD4:
UID PID PPID C STIME TTY TIME CMD
brian 1106 1070 0 14:27 pts/2 00:00:00 -bash
brian 2049 1106 0 16:15 pts/2 00:00:00 -bash
brian 2051 2049 0 16:15 pts/2 00:00:00 /bin/bash /home/brian/myscript
brian 2052 2051 89 16:15 pts/2 00:00:01 mpw -M railcard
brian 2053 1106 0 16:15 pts/2 00:00:00 ps -f
brian@desktop:~$ world!
sleep is needed because mpw itself uses scrypt to generate a password
and is slow. -M should be followed by the secret. It is not revealed
by ps while eval is evaluating it. I do not know why. Perhaps it has
something to do with the way mpw processes the command.
--
Brian.
Reply to: