Securely feeding a program with a password

Question

After understanding the problem with using a password in the command line, I need to find a way of feeding a program with a password without it being a problem (without the password being recorded somewhere).

I have a bash script that automatically installs an entire LAMP server from source: Apache, FastCGI, PHP & MySQL. These installations require a password, especially MySQL.

How can I make the script fully automated without revealing the password?

Edit (9 June, 3:55 UTC):
I'm invoking mysql with a password on the command line, via root:

root@dor-desktop:/home/dor# PASS=`cat /home/dor/tmpf/pass`
root@dor-desktop:/home/dor# mysql -u root -p"$PASS"
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6

(PASS="p4ssw0rd" in our case)
And I execute ps aux | grep mysql via my regular user (dor), which doesn't show me the password!
(Some of) ps output is:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      3562  0.0  0.0  34156  2864 pts/0    S+   05:53   0:00 mysql -u root -px xxxxxx

How's that possible?

Answer 1

In regard to your update:

When a process is started it has a dedicated area of memory where arguments are stored and a int which tells how many arguments was passed.

MEMORY
argc    2
argv[0] program_name
argv[1] foo
argv[2] bar

MySQL check if password was passed on command line by -p, and if it was copy it to a new variable that is not visible, then overwrite that region of memory with x'es.

In simple terms e.g.:

argc 2
argv[1] -p
argv[2] p4ssw0rd

new_var = copy(argv[2]);
argv[2] = "xxxxx";

You can find it e.g. in client/mysqladmin.cc of the source code:

  case 'p':
      ...
      opt_password=my_strdup(argument,MYF(MY_FAE));
      while (*argument) 
          *argument++= 'x';     /* Destroy argument */

When ps run it reads the memory region of the arguments, (argv[N]), and thus it is xxxx.

For a very short while the password is visible, but only for a few CPU cycles.

---

You can update the MySQL password using the special --init-file option and procedure. C.5.4.1.2. Resetting the Root Password: Unix Systems

mysqld_safe --init-file=/home/me/mysql-init &

---

Edit:

As @Gilles say, you can echo, printf or use here document from a script.

You can also add this to .my.cnf of your home directory or in a (temporary) file and use the --defaults-extra-file option. (Believe you have to add that option early on the command line.) optionally also include user. Also note the extra in the option name unless you want to use only that file as configuration:

[client]
user=foo
password='password!'

shell> chmod 400 my_tmp.cnf
shell> mysql --defaults-extra-file=my_tmp.conf -...

Optionally the [client] grouping makes mysqld skip the configuration.

One can also use MYSQL_PWD environment variable, but that should never be used as you can list environment, in many ps implementations by ps -e, in the /proc/<PID>/environ file on Linux etc.

tr '\0' '\n' < /proc/<PID>/environ

More on the topic here.

You might also want to have a look at the MySQL Configuration Utility which enables you to store password in a encrypted file in your home directory – .mylogin.cnf.

Answer 2

The typical solution is to read the password from a file or from standard input (or from another file descriptor which would have to be passed as a parameter).

Answer 3

Some programs (command line ftp for example) read passwords from /dev/tty, the per-process special file that represents the process' controlling TTY. This lets the program not echo the password back to the screen, and to have a little more assurance about where the password comes from.

#!/bin/bash

stty -F /dev/tty -echo 
read PASSWORD < /dev/tty

echo $PASSWORD