Password prompt for sedutil

[hon1nbo]

sedutil should use a password prompt rather than having the password inline with the command. This prevents the password from entering log files like .bash_history Whilst one can delete .bash_history some organizations may be required to keep it intact for auditing purposes (I would personally like my sedutil logged so I can demonstrate that I maintain it, but don't want my password in it).

I just pulled the repo to go through it and tinker with it, and look for every case where this can be inserted, but for now this issue thread can be a starting point.

Cheers, -H

[bcarmo-caio]

What about doing like this?

read -s SEDUTIL_PASS
./sedutil-cli <whatever> --pass $SEDUTIL_PASS (change syntax to suit your needs here)

For now, I think it can help you cause you won't be deleting any lines from .bash_history and your variables are context safe.

What one should be worried is the fact that ps may show you password because it displays the entire command line. If sedutil binary is not erasing that memory region after saving it elsewhere, practically anyone can get you password with just a ps.

[hon1nbo]

yeah I was thinking about ps after I originally wrote this. Luckily for me it only makes a difference when doing administration, as I use a PBA / BIOS once a drive is set. I actually set a macro that disabled history for the time being to account for the other stuff like .bash_history. I've had very little time for dev work myself recently. Hoping I can contribute back to this in the near future. It's a great project, just needs a little polishing.