
Re: encryption



On Sat 21 Apr 2018 at 20:56:43 -0500, David Wright wrote:

> On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> > On 04/20/18 12:38, Brian wrote:
> > >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > 
> > On 04/21/18 09:36, David Wright wrote:
> > >If so, then won't the password be revealed by ps while eval is
> > >evaluating it?
> > 
> > Apparently, not:
> > 
> > 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> > $ cat environment-var-ps
> > CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> > ps -f
> > 
> > 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> > $ dash environment-var-ps
> > hello
> > UID        PID  PPID  C STIME TTY          TIME CMD
> > dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> > dpchrist  2541  1681  0 13:02 pts/1    00:00:00 dash environment-var-ps
> > dpchrist  2542  2541  0 13:02 pts/1    00:00:00 dash environment-var-ps
> > dpchrist  2543  2541  0 13:02 pts/1    00:00:00 ps -f
> > dpchrist  2544  2542  0 13:02 pts/1    00:00:00 sleep 3
> > 
> > 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> > $ world!
> > 
> > 
> > 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> > $ bash environment-var-ps
> > hello
> > UID        PID  PPID  C STIME TTY          TIME CMD
> > dpchrist  1681  1268  0 11:42 pts/1    00:00:00 -bash
> > dpchrist  2556  1681  0 13:03 pts/1    00:00:00 bash environment-var-ps
> > dpchrist  2557  2556  0 13:03 pts/1    00:00:00 bash environment-var-ps
> > dpchrist  2558  2556  0 13:03 pts/1    00:00:00 ps -f
> > dpchrist  2559  2557  0 13:03 pts/1    00:00:00 sleep 3
> > 
> > 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> > $ world!
> 
> That just demonstrates a race between "echo hello" and ps.
> Echo won, so all ps saw was the sleep command. What you need in $CMD
> is a command that's slow to execute and loses the race:
> 
> wren!david 20:52:56 /tmp $ cat testing.sh 
> CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval "$CMD" && echo world! &
> ps -f
> wren!david 20:53:01 /tmp $ bash testing.sh 
> hello

[...]

I reduced the contents of myscript to its one essential line:

 mpw -M "secret" "railcard"

Then

 brian@desktop:~$ echo hello && eval /home/brian/myscript && echo world! & sleep 2 && ps -f
 [1] 2049
 hello
 hYM@ei0tSL1rOZRmYD4:
 UID        PID  PPID  C STIME TTY          TIME CMD
 brian     1106  1070  0 14:27 pts/2    00:00:00 -bash
 brian     2049  1106  0 16:15 pts/2    00:00:00 -bash
 brian     2051  2049  0 16:15 pts/2    00:00:00 /bin/bash /home/brian/myscript
 brian     2052  2051 89 16:15 pts/2    00:00:01 mpw -M                                       railcard
 brian     2053  1106  0 16:15 pts/2    00:00:00 ps -f
 brian@desktop:~$ world!

sleep is needed because mpw itself uses scrypt to generate a password
and is slow. -M should be followed by the secret. It is not revealed
by ps while eval is evaluating it. I do not know why. Perhaps it has
something to do with the way mpw processes the command.

-- 
Brian.
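
Added example, not part of the original thread: ps reports what is in each process's argument list, so the script below starts the same slow worker twice, once with a secret as an argument and once with the secret on stdin, and checks the worker's argument list each time. The `worker` name and the secret value are constructed for illustration, and a Linux `/proc` (or a POSIX `ps`) is assumed.

```shell
#!/bin/sh
# Added example: when is a secret visible in a process's argument list?
SECRET='constructed-sample-secret'   # constructed value, not from the thread

# Print the argument list of PID as ps would report it.
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"      # Linux: NUL-separated argv
    else
        ps -o args= -p "$1"                   # POSIX fallback
    fi
}

# Print "visible" if SECRET appears in the argv of PID, else "hidden".
verdict() {
    if argv_of "$1" | grep -qF -- "$SECRET"; then
        echo visible
    else
        echo hidden
    fi
}

# Case 1: secret passed as an argument to a slow external command.
# "worker" is a hypothetical stand-in for a slow tool such as a KDF.
secret_as_argument() {
    sh -c 'sleep 2; :' worker "$SECRET" >/dev/null 2>&1 &
    pid=$!
    sleep 1                # let the child exec while it is still running
    verdict "$pid"
    wait "$pid"
}

# Case 2: same worker, but the secret arrives on stdin. printf is a shell
# builtin, so the secret never enters any process's argument list.
secret_on_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r s; sleep 2; :' worker >/dev/null 2>&1 &
    pid=$!
    sleep 1
    verdict "$pid"
    wait "$pid"
}

echo "secret as argument: $(secret_as_argument)"
echo "secret on stdin:    $(secret_on_stdin)"
```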

