Question

3

Is it safe to write sensitive data to terminal?

rated 0 times [ 3] [ 0] / answers: 1 / hits: 751 / 1 Year ago, sat, december 3, 2022, 3:04:19

I have a program to store passwords protected, however, interface is the terminal and passwords are all written visibly.
I have very limited knowledge on the security, so couldn't be sure if it is safe. I hope question is relevant to here.

Update. The program is something that I wrote. Details are unnecessary but it essentially stores a NumPy array which I put in the cloud. By visible I mean at the end of the day I am reading that NumPy array and printing to terminal. Which I learned it is definitely not safe, thanks to all.

Is there any way to fix it? (hopefully an easy way)

Update My distribution is Ubuntu Desktop 18.04.4

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

mouedi

Add To Favorites

Follow

Total Points: 420

Total Questions: 109

Total Answers: 116

Location: Philippines

Member since Wed, Aug 19, 2020

4 Years ago

mouedi questions

1 Wi-fi connection keeps disconnecting

Mon, Mar 28, 22, 20:06, 2 Years ago

1 Appropriate command to copy everything in root "/" to an external storage volume?

Sat, Aug 21, 21, 04:03, 3 Years ago

1 Copy and paste in the terminal?

Thu, Mar 10, 22, 05:12, 2 Years ago

1 Which kernel is LTS for Ubuntu 18.04 and how to install it?

Wed, Jul 20, 22, 15:05, 2 Years ago

1 Not able to install pdo_mysql

Thu, Aug 5, 21, 19:28, 3 Years ago

View All

answered 1 Year ago anoalk · Accepted Answer

Terminals has buffers which might reside on disk even without ecryption ( I don't know about gnome-terminal but I'm using Konsole and if you set the scrollback to unlimited then it buffers its contents unencrypted somewhere in the /tmp)

And another problem might be your bash_history. Each command that you type ( the exception is when you add a space before your command ) will go to your ~/.bash_history file if you close the terminal properly (i.e not in the event of a system crash ).

So if you want to type your sensitive information like passwords in a console command , you have to either delete that line manually or add a space before your command ( I didn't see it anywhere , but I found it myself with trial and error and might not work for other shells other than bash . For example that's not the case in the Z shell. And also might someday get removed from bash. Who knows)

In the ~/.bashrc file there are two variables as follows

HISTSIZE=2000

HISTFILESIZE=2000

If you set them to a negative number like -1 , then the bash history size would be unlimited . And if you want to disable the bash history feature , you can set them to zero. ( note that the bash history is an useful feature in the case you forgot the commands (i.e syntax or arguments) that you issued. For example I had a bash_history with the age of almost one year ! with almost 60,000 lines !)

Note that if in your terminal you've logged in as another user like root then the bash_history will go to /root/.bash_history not in your home directory.

And if you want to reboot or halt your system via terminal ( when you're working on the server , logged in via console , or just for fun ) then you should issue the command :

history -c && some_halt_command

to prevent the history buffer to be flushed into the bash_history.(although if you disable the feature via the aforementioned variables , I don't think you would need this)

So :

1) Delete that line manually from history

2) Add a space before your command if you use bash (which is default in most (if not all) distros)

3) Disable bash history