
I'm trying to insert sensitive data into a file. I'm trying to write a MySQL configuration file dynamically. The file contains this:

[client]
password: 87sfZEKEF,5

The script that I used is owned by root, and therefore "nobody" can see its content. I'm trying to find the most secure command, or way, to pass the content of the file to the actual file. The actual file has an unguessable name, and is secured with chmod 600 just after it's written.

The possible problems that I see are:

If I use echo:

echo -e "[client]\npassword: 87sfZEKEF,5" > /tmp/unguessable/path/to/dynamic/mycnf

Then the ps command would probably be able to catch the password, is that right?

What about using heredoc syntax?

cat << EOF > /tmp/unguessable/path/to/dynamic/mycnf
[client]
password: 87sfZEKEF,5
EOF

Is this more secure? Are there more secure ways?

Is there a "totally" secured way (or, what's the most secure and reasonable way) to write such a file?

  • 1
    echo is a bash built-in so ps would not catch the password in that precise circumstance. Whether there are other security issues with your script is another question altogether.
    – paj28
    Commented Sep 21, 2015 at 11:20
  • 1
    @paj28: Yes, one would be a race condition - the file could possibly be read before the permissions are set. Commented Sep 22, 2015 at 8:25

1 Answer


Actually I found the answer right after writing the question:

https://stackoverflow.com/questions/11279335/bash-write-to-file-without-echo
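
An added example, not part of the original question, comments or answer: one way to cover both concerns raised on this page, the `ps` exposure and the window between writing the file and running chmod 600. The helper name `write_secret_file` and the temporary directory are assumptions made for illustration, and `mktemp` is assumed to be available (it is on Linux and the BSDs, though not specified by POSIX).

```shell
#!/bin/sh
# Added example. write_secret_file is a hypothetical helper name; the
# directory used in the demo and the password are constructed sample values.

# Write stdin to "$1" so that the file is never readable by other users,
# not even briefly, and the content never appears in a process argument list.
write_secret_file() {
    target=$1
    (
        # Subshell: the umask change and the trap stay local to this call.
        umask 077
        # mktemp creates the file exclusively with mode 0600, in the target's
        # directory so the final rename stays on one filesystem.
        tmp=$(mktemp "$(dirname -- "$target")/.secret.XXXXXX") || exit 1
        # Remove the temporary file if anything below fails.
        trap 'rm -f -- "$tmp"' EXIT
        # The secret arrives on stdin; cat's argv holds nothing sensitive.
        cat > "$tmp" || exit 1
        # rename(2) is atomic: readers see the old file or the complete new one.
        mv -f -- "$tmp" "$target" || exit 1
    )
}

# Constructed usage: the shell itself feeds the here-document to stdin.
demo_dir=$(mktemp -d) || exit 1
write_secret_file "$demo_dir/mycnf" <<'EOF'
[client]
password: 87sfZEKEF,5
EOF
ls -l "$demo_dir/mycnf"    # shows the mode bits of the finished file
rm -rf -- "$demo_dir"
```

Because the file is created with mode 0600 rather than tightened afterwards, no separate chmod step is needed and there is no interval in which another user can open it.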
