Shell Programming and Scripting

Hello people,
In shell scripts if some sensitive data is set into the env so that it is available to other scripts called within those scripts -- Are there are security implications ?
-- I believe the scope of those environment variables ends with the execution of the script.
-- I see that while the script is running those env variables are not accessible from the command line.

Is my understanding correct? Any comments ? Please let me know.

Regards,
T.

Hi ,
When ever you are setting any value to a varible its scope is limited to that script or any child script started by that parent.

In order to access those variables from any script which are not child of that parent script its better that you create a file where you keep those vairables and execute that file before each script run, by doing that you would be able to access those variable by any script.


Regards,
Manish Jha

Which OS are you on ?

Ever looked into /proc/<pid>/environ ?

The BSD version of ps has an option to display the environment of the processes it lists. So in general that is not secure. If you must do that, you can limit the window of exposure by putting the data in the environment just before invoking the script. And then in the script, reset the environment as the first operation.

Try to use a pipe instead.

echo $secretstuff | some_script

and in the script do:
read secretstuff

Very good point.

Code:

$ $ uname
Linux
$ while read -d $'\0' LINE
        do echo ${LINE}
done < /proc/$$/environ
USER=xxxxx
LOGNAME=xxxxx
HOME=/home/xxxxx
PATH=/usr/bin:/bin:/usr/sbin:/sbin
MAIL=/var/mail/xxxxx
SHELL=/bin/bash
SSH_CLIENT=xx.xx.xx.xx 63973 22
SSH_CONNECTION=xx.xx.xx.xx 63973 xx.xx.xx.xx 22
SSH_TTY=/dev/pts/0
TERM=xterm
$

It appears accessible by any programs running as the same user.