Collaborate Disseminate
While searching for an answer to the question "how to hide command arguments from ps/proc etc", I came across the hidepid mount option, which hides a user’s own processes from another user (of course also command args launched fr… Continue reading Why is the mount option "hidepid=2" not used by default, is there a danger in using it?
While searching for an answer to the question "how to hide command arguments from ps/proc etc", I came across the hidepid mount option, which hides a user’s own processes from another user (of course also command args launched fr… Continue reading Why is the mount option "hidepid=2" not used by default, is there a danger in using it?
I want to use gpg from another user (user2), so that the primary user (user1) does not have access to the encrypted file, but only to the part the script will output.
Added a sudo rule for user1 to run /bin/gpg as user2. When I try to exec… Continue reading Using GPG from another user (GNU/Linux)
Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh and use less third-party programs (grep,… Continue reading BASH vs SH (dash, etc.) in terms of security
Yes, the transfer to the script via arguments is visible through ps -ax, /proc/<pid>/cmdline etc., BUT if someone has already gained access to your account from the outside (e.g. by hacking your browser) he will have no trouble looki… Continue reading Is it really safe to pass sensitive data to another script via stdin, compared to passing via arguments (Linux)
What is this restriction for in terms of safety? And when connecting external drives via USB, the root password is not required. I can’t understand the logic.
I use the following rule in the fstab to connect the internal drive at runtime:
… Continue reading Why do I need the root password when mounting an internal drive in Linux?
I understand that nowadays passwords are not stored in plaintext, only as password + salt and hashed (minimum). But I haven’t found any exact confirmation that gpg does NOT store (cache, place in RAM) the passphrase in plaintext.
And if a … Continue reading GPG passphrase in the cache as a hash?