From 820dec6d3f7b5c272c9ee43de48a6b94a61b9db5 Mon Sep 17 00:00:00 2001 From: Timothe Litt Date: Mon, 15 May 2017 22:44:24 -0400 Subject: [PATCH] Have curl read Authrorizaton header from stdin rather than the command line. Prevents GoDaddy secret and key from exposure via ps. There is still an issue if environment variables can be read. --- dns_scripts/dns_godaddy | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/dns_scripts/dns_godaddy b/dns_scripts/dns_godaddy index 536fdd1..0e6454c 100755 --- a/dns_scripts/dns_godaddy +++ b/dns_scripts/dns_godaddy @@ -178,8 +178,6 @@ fi echo "`basename $0`: $op $domain $name \"$data\" $ttl" >&2 # Authorization header has secret and key -# N.B. These will appear in a 'ps' listing since curl only allows -# headers to be provided on the command line. authhdr="Authorization: sso-key $GODADDY_KEY:$GODADDY_SECRET" @@ -199,9 +197,12 @@ Add request to: $url $request" -------- EOF - result="$(curl -i -s -X PUT -H "$authhdr" \ - -H "Content-Type: application/json" \ - -d "$request" "$url")" + + result="$(curl -i -s -X PUT -d "$request" --config - "$url" <&2 <&2 - current="$(curl -i -s -X GET -H "$authhdr" "$url")" + current="$(curl -i -s -X GET --config - "$url" <&2 @@ -357,9 +361,11 @@ $request -------- EOF -result="$(curl -i -s -X PUT -H "$authhdr" \ - -H "Content-Type: application/json" \ - -d "$request" "$url")" +result="$(curl -i -s -X PUT -d "$request" --config - "$url" <&2 <