From 13dfec54b934922384f92826dfc7bc2fa7726223 Mon Sep 17 00:00:00 2001
From: Xiao Pan <gky44px1999@gmail.com>
Date: Wed, 28 Feb 2024 23:14:00 -0800
Subject: unset prp pass vars just in case it being sourced

---
 sh/prp | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'sh/prp')

diff --git a/sh/prp b/sh/prp
index 541b2ee..1bdab0e 100755
--- a/sh/prp
+++ b/sh/prp
@@ -1,6 +1,9 @@
 #!/bin/sh
 # PRactice Password
 
+# maybe will leak password to ps/top/htop and swap file
+# not sure I only compare the password variables will leak or not
+
 read_pass () {
 	stty -echo
 	# -r necessary because password may contain backslash \
@@ -17,4 +20,9 @@ while ! [ "$entered_pass" = "$correct_pass" ]; do
 	echo "Wrong password, enter again:"
 	read_pass
 done
+
+# `. /bin/prp` will set these password variables as environment variables and can be accessed by the whole shell, so I unset these just in case
+unset entered_pass
+unset correct_pass
+
 echo "Correct password"
-- 
cgit v1.2.3-70-g09d2