0

I have a bash script which takes in user input and passes it to a tcl script.

The issue is that once I run the script, and the second tcl script is called, upon running the ps -f command, I can see the tcl script instantiation with the arguments passed (all this is in clear text). How can I hide the arguments from appearing in the ps -f output. I was thinking of shuffling and recreating the passed variables, but is there a way of completely hiding them from the ps -f output?

user2883071
  • 960
  • 1
  • 20
  • 50
  • 1
    Don't pass them as arguments. Use the environment (still shows up in `/proc`/etc.) or pass them via standard input/some other fd. – Etan Reisner Apr 23 '15 at 14:32
  • http://stackoverflow.com/questions/7443366/argument-passing-strategy-environment-variables-vs-command-line - I may run into a similar issue (as indicated in the answer) if I use environment variables. Is there another workaround? – user2883071 Apr 23 '15 at 14:40
  • Which issues are you worried about? That discussion was about *global* system environment variables. That's not what is being discussed here. These are for direct communication between parent and child (they will leave to any grand-children unless the tcl script removes them from its environment but it can do that). And yes, the other option is to pass them via an open fd or via a (temporary, possibly unlinked before being written to and passed via open fd) file. – Etan Reisner Apr 23 '15 at 14:42
  • So there may be multiple users running the script at the same time - passing in different parameters. As stated in the solution, wouldn't the environmental vars clash? (or am I understanding it wrong?) – user2883071 Apr 23 '15 at 14:46
  • 2
    You _cannot_ stop `ps` (with the right options) from seeing arguments or environment variables to _any_ process on the system. Send passwords by file or by file descriptor. – Donal Fellows Apr 23 '15 at 14:46
  • You are understanding it wrong. The environment variables are *per process*. You set them in your process, they inherit to the direct children. No other process (unless they go poking which they can) can see them. – Etan Reisner Apr 23 '15 at 14:47
  • So If I export the information from my first script (environmental vars) I can use them in my tcl script and these will not show up in any ps command correct? Also will these vars will be local to me and will they be destroyed after the script has ended? And one more question: is there any way that someone else can get these environmental vars After they have been destroyed (if they are) short of having a key logger. – user2883071 Apr 23 '15 at 15:10
  • `ps ewww` (on linux) will show the environment variables. Do not assume this information is hidden or safe. It would be helpful to know why you want to hide the information. If you needs something safer than the command line or the environment, consider using a socket or named pipe or encrypted file. – Brad Lanam Apr 23 '15 at 17:29
  • As suggested by a co-worker and Donal, I will be using temp files. The reason for this whole post is because I was passing credentials as from a bash script to a tcl script as parameters. These showed up in the ps output (with the tcl script initialization). – user2883071 Apr 23 '15 at 18:33

1 Answers1

0

I will be saving the entered Credentials to a file in script 1, then reading the credentials in from the file in script 2 and then deleting the file.

user2883071
  • 960
  • 1
  • 20
  • 50