On 23/04/18 03:29, Brian wrote: > I reduced the contents of myscript to its one essential line: > > mpw -M "secret" "railcard" > > Then > > brian@desktop:~$ echo hello && eval /home/brian/myscript && echo world! & sleep 2 && ps -f > [1] 2049 > hello > hYM@ei0tSL1rOZRmYD4: > UID PID PPID C STIME TTY TIME CMD > brian 1106 1070 0 14:27 pts/2 00:00:00 -bash > brian 2049 1106 0 16:15 pts/2 00:00:00 -bash > brian 2051 2049 0 16:15 pts/2 00:00:00 /bin/bash /home/brian/myscript > brian 2052 2051 89 16:15 pts/2 00:00:01 mpw -M railcard > brian 2053 1106 0 16:15 pts/2 00:00:00 ps -f > brian@desktop:~$ world! > > sleep is needed because mpw itself uses scrypt to generate a password > and is slow. -M should be followed by the secret. It is not revealed > by ps while eval is evaluating it. I do not know why. Perhaps it has > something to do with the way mpw processes the command. > I believe a program can alter its own command line (as it appears to the system), and this is done by some programs that take passwords on the command line - which explains why the password is hidden, but the rest of the command line isn't. On the other hand, it's generally preferred not to pass passwords on the command line - use eg a config file, stdin, or an environment variable instead. BTW, if you're still interested in the original question, did you find 'shc'? It encrypts your script and creates a binary executable. I don't know how current/good the encryption is, though. It's in debian. Richard
Attachment:
signature.asc
Description: OpenPGP digital signature