NetCoder - 6 months ago
Linux Question

Can a program leave no traces behind when handling passwords?

There is a script that generates a password and stores it in a variable and in a file. Then the password in the variable is used to encrypt another file. That's it! Now, that is not hard to write; the hard part is: can you delete all traces? Because from what I have read, the commands in the script (and the output) will be saved somewhere.

Back to the question:


  • How can the script delete all traces of the script ever having been executed, of the variable containing the password, and of the output? (Preferring a command that I can put in 'script.sh')

  • Where is the output and the value of the variable saved?



NOTE: I'm new to this community so feel free to give feedback on the quality of the question.

Answer

~/.bash_history - in the normal case - is accessible only to you and root. You may have a cronjob to empty this file occasionally or frequently. This could be as simple as:

#m h  dom mon dow   command
 * *   *   *   *    cat /dev/null > ~/.bash_history

If the above doesn't solve your problem, you can use a tool called bleachbit.

$ apt-cache show bleachbit

gave me:

Description-en: delete unnecessary files from the system
 BleachBit deletes unnecessary files to free valuable disk space, maintain
 privacy, and remove junk. It removes cache, Internet history, temporary files,
 cookies, and broken shortcuts.
 .
 It handles cleaning of Adobe Reader, Bash, Beagle, Epiphany, Firefox, Flash,
 GIMP, Google Earth, Java, KDE, OpenOffice.org, Opera, RealPlayer, rpmbuild,
 Second Life Viewer, VIM, XChat, and more.
 .
 Beyond simply erasing junk files, BleachBit wipes free disk space (to hide
 previously deleted files for privacy and to improve compression of images),
 vacuums Firefox databases (to improve performance without deleting data), and
 securely **shreds** arbitrary files.

Note that it handles cleaning of bash.

Do have a look at the BleachBit features page.
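
One way to write the script from the question so that the password reaches as few places as possible, as an added example that is not part of the original question or answer; the function names, file names and the choice of openssl are assumptions. Commands run inside a script are not written to ~/.bash_history (only the interactive line that started it is), so the places to watch are process arguments, files on disk and the variable itself.

```shell
#!/bin/sh
# Added example, not from the original post. Function and file names are
# constructed for illustration.

# 16 bytes from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
    od -An -tx1 -N 16 /dev/urandom | tr -d ' \n'
}

# Write the password to a new file only the owner can read. printf is a
# shell builtin, so the value is never an argument of an external process.
store_password() {   # $1 = password, $2 = destination file
    ( umask 077 && rm -f -- "$2" && printf '%s\n' "$1" > "$2" )
}

# Encrypt $2 into $3. The password reaches openssl on stdin, not on the
# command line, so it does not show up in ps or /proc/PID/cmdline.
encrypt_file() {     # $1 = password, $2 = plaintext, $3 = ciphertext
    printf '%s\n' "$1" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass stdin -in "$2" -out "$3"
}

# Overwrite, then delete. shred gives no guarantee on journaling or
# copy-on-write filesystems or on SSDs.
wipe_file() {
    if command -v shred >/dev/null 2>&1; then shred -u -- "$1"; else rm -f -- "$1"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample data\n' > "$dir/data.txt"
    pw=$(gen_password)
    store_password "$pw" "$dir/password.txt"
    encrypt_file "$pw" "$dir/data.txt" "$dir/data.enc"
    unset pw                    # drop the copy held in the shell variable
    wipe_file "$dir/data.txt"   # only if the plaintext is no longer needed
    ls -l "$dir"
}

# Run the demo only when asked: sh script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Running the script with `set -x` or echoing the variable would put the password into the terminal scrollback or any log that captures the output, so neither is done here.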