4

I am writing a bash script and prompt the user for his password. This password is supplied for either a local or domain account to query a MS SQL Server (using sqsh and freetds).

How secure is the code below?

    echo "What is the password for $mssqlu ?: "
    read -s mssqlp

I suppose there is no hashing involved here, and the clear password exists somewhere in memory.

Is it vulnerable to any sort of attack? Can it be revealed? Thank you for your help.

Florian Bidabé

1 Answer

5

Great question.

In bash, when you use "read" to get a password from standard input, the password is of course stored in plain text in memory. However, this is often the case for passwords in general -- something has to be storing them in plain text to use them. If it was encrypted, a way to decrypt it would have to also exist in memory -- thus the encryption wouldn't be very helpful then.

In this case I can offer two sets of best practices:

1) Use another method of authentication than a password entered by the user. This could take the form of:

  • For MS-SQL databases, using a "trusted" connection for authentication rather than a user-entered password. Other databases offer a variety of systems for logging in without a password.
  • Join the computer to the domain and have the user log in with Active Directory credentials. Then have the script use this authentication to log in to SQL. MS does publish sqlcmd and an ODBC driver for Linux that I've used successfully.

2) If you must use a password supplied by standard input, turn echo off in the bash script. Of course, bash scripts still need to be checked for possible exploits. If your script sources a file that is writable by any user, then of course that file could be altered to send the password to an attacker.

You may want to consider use of a passphrase file which is chmoded so only a single user can access it. Then simply read in the password from this file. This is probably comparable in security to using the stdin password. While the user doesn't constantly type the password, so some vulnerabilities (e.g. keylogger) would not exist, it would increase the ease of a password-grabbing attack if someone just hacked the server.

Herringbone Cat
  • There is no need to decrypt a password once it is encrypted. See http://linux.die.net/man/3/crypt how it works. – ott-- Jun 25 '15 at 17:48
  • I don't think that is applicable to this question. If you need to connect to a remote database server that is expecting a regular password, you need the plaintext password. Using a hash, or a trivial-to-crack DES encrypted string would not work unless it was in plaintext when creating the database session. Thus, it needs to be decrypted. – Herringbone Cat Jun 25 '15 at 21:12
  • Great, thank you mate. I'll give it a few extra days before accepting an answer. I will check if I can implement a trusted connection with sqsh and will make a network trace to see whether that traffic is encrypted (I hope so!). Thanks for your help. – Florian Bidabé Jun 26 '15 at 00:43
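
The owner-only password file and the echo-off prompt discussed in the answer above, as an added bash example that is not part of the original posts. The function names `passfile_is_private` and `load_password` are hypothetical, and the permission check assumes GNU `stat` (Linux).

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the original posts.

# Succeeds only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
passfile_is_private() {
    local f=$1 mode
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1    # GNU stat, e.g. "600"
    case $mode in
        *00) return 0 ;;    # last two octal digits: group and other bits
        *)   return 1 ;;
    esac
}

# Usage: load_password USER [PASSFILE]
# Sets the global variable mssqlp. The password is never echoed and is
# never placed on a command line.
load_password() {
    local user=$1 passfile=${2:-}
    mssqlp=
    if [ -n "$passfile" ]; then
        if ! passfile_is_private "$passfile"; then
            echo "refusing $passfile: need a regular file you own, mode 600 or stricter" >&2
            return 1
        fi
        # read returns non-zero when the file lacks a final newline,
        # but still fills the variable, so that status is ignored.
        IFS= read -r mssqlp < "$passfile" || true
    else
        # -s: echo off; -r: keep backslashes; IFS=: keep surrounding spaces
        IFS= read -rs -p "What is the password for $user?: " mssqlp || true
        echo >&2    # the user's Enter was not echoed, so end the prompt line
    fi
    [ -n "$mssqlp" ]    # fail on an empty password
}

# Typical call site (commented out so sourcing this file has no side effects):
#   load_password "$mssqlu" "$HOME/.mssql_pass" || exit 1
#   ... use "$mssqlp" ...
#   unset mssqlp
```

The variable still holds the plain-text password for as long as the script needs it, so `unset` it as soon as the database session has been opened.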