14

Is storing my password this way safe?

echo 'Write sudo password (will not be displayed) and hit enter'
read -s password

I need it to make commands like this:

echo $password | sudo -S apt-get install -y foo bar
Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Sławosz
  • 11,187
  • 15
  • 73
  • 106

4 Answers4

13

No because you can see it via /proc/$PID/cmdline.

I suggest not to try to reinvent security tools. The sudo program can cache your password.

Dirk Eddelbuettel
  • 360,940
  • 56
  • 644
  • 725
  • 2
    There might be a very short window while the /proc entry for the echo command exists, but 'short' is the operative term, it seems to me (as in milliseconds, or less). – Jonathan Leffler Sep 08 '10 at 12:06
  • 2
    Do `strace -o bash.strace -f bash -c 'echo password | cat'` and examine the file `bash.strace`. You will see the line with `execve("/bin/cat", ["cat"], [/* 53 vars */]) = 0`, but you won't see echo there (except in the first line where it is passed to bash): it is a bash builtin. So, launching the script in bash is enough to keep it safe. – ZyX Sep 08 '10 at 21:59
  • @ZyX - thanks for the explanation of the risk. I would not have considered this type of solution previously, yet my situation forces me to use it. Glad it isn't as insecure as I feared. – MountainX Jun 30 '13 at 02:27
11

A better approach would be to edit your sudoers file and add your program that don't require password...

Do a sudo visudo and add following to enable your admin group to run apt-get w/o password: %admin ALL = NOPASSWD: /usr/bin/apt-get

See sudoers man page for more detail.

fseto
  • 9,898
  • 1
  • 19
  • 14
7
echo $password | sudo -S apt-get install -y foo bar

This is a bit dangerous. If the user is already authenticated to sudo, sudo won't request the password again and it will be forwarded to apt-get, with could lead to strange results (for example, if the postinstall script asks a question). I would suggest to use

sudo -k                         # remove previous sudo timestamp
echo $password | sudo -v -S     # create a new one for 15 minutes
sudo apt-get ...                # execute the command

instead.

EDIT: Dirk is correct about the password being visible for a very short time while echo is executed. Please see my answer as an extended comment rather than an answer to your question.

Heinzi
  • 167,459
  • 57
  • 363
  • 519
  • Why use the variable - why not just let sudo handle the prompting? I think the second line should become `sudo -v -S`. The only reason to keep it would be because 'read -s' does not echo the password - but then, neither does `sudo`, does it? – Jonathan Leffler Sep 08 '10 at 12:11
  • @Jonathan: True. However, such scripts are often used to execute sudo on multiple computers (see here for an example: http://www.heinzi.at/projects/upgradebest.sh/). Then, it makes sense not having to enter the password multiple times. – Heinzi Sep 08 '10 at 12:19
  • Fair enough - I forgot to account for the minimization for the purposes of asking the question on SO. – Jonathan Leffler Sep 08 '10 at 12:31
-2

sudo is open source, so you can compile your own version which takes the password as a command line parameter.

CSpangled
  • 19
  • 6
  • 2
    I would strongly advise against using a home-brewn version of such an important part of the operating system without a *very* good reason. (You'd have to manually apply and recompile every patch, etc.) – Heinzi Sep 08 '10 at 12:20