Simply put, if I change the contents of a variable from within a bash script will that action overwrite the ACTUAL memory location where the variable was initially stored?

The script prompts me for a passphrase then uses the passphrase to unlock and mount two LUKS partitions. If I then execute PASS="a long string of rubbish..." will the value of the original passphrase still be in memory? Is there a better way to "wipe" the value from memory?

TIA,

Ken

It depends on the internals of bash, it will probably allocate space on the heap when creating the variable, large enough to hold the data and any internal data it needs, when the variable changes it may reuse that memory if the new value uses less data than the old one, more probably it will release the memory back to the heap then allocate more memory for the new data, this will leave the old data in memory until the memory is re-allocated to some other process or bash itself and it would then be overwritten, but how long it will stay intact in memory is un-knowable.

Thanks Keith Hedger,

That is what I suspected.

Ken

Well, it won't be reallocated to another process. Any memory released to the kernel (unlikely) is zeroed before allocation to the alternate process.

But environment variables will remain within bash - but are retrievable by the debugger that may connect to the bash process.

This is one of the limitations of shell programming - they are NOT designed for security operations.

Thanks jpollard and pardon my delay in responding to your reply. When I ran the script I received a message scolding me about unsecure memory and asking me if I was root. It appears that I need to run the script as root. Perhaps root's use of memory is different?

Ken

Nope. The insecurity is inherent in shell programming.

It takes special effort to write applications that are secure - and none of them are done in a shell script. Possibly the best (IMO) is Perl - you can turn on the security option that will then track variables and signal when known insecurity occurs (a "taint" mode to detect insecure usage). This doesn't prevent security issues, but it does try to identify when they occur.

OK. Suppose I manually enter at the command line and enter the passphrase when prompted. Is the passphrase left floating in RAM somewhere? I believe I have read that the actual key used to decrypt the partition remains in memory so I wonder if the passphrase is a bigger vulnerability?

I believe the setup protects the passphrase by bypassing the shell when the prompt is presented (going through /dev/tty directly, the same way that passwd protects changing passwords), then once the passphrase is used to decrypt the decryption key the phrase is discarded by clearing the memory within the cryptsetup tool.

The decrypted key is protected by the kernel so that access to the data is possible.