read_password() {
REPLY="$(
# always read from the tty even when redirected:
exec < /dev/tty || exit # || exit only needed for bash
# save current tty settings:
tty_settings=$(stty -g) || exit
# schedule restore of the settings on exit of that subshell
# or on receiving SIGINT or SIGTERM:
trap 'stty "$tty_settings"' EXIT INT TERM
# disable terminal local echo
stty -echo || exit
# prompt on tty
printf "Password: " > /dev/tty
# read password as one line, record exit status
IFS= read -r password; ret=$?
# display a newline to visually acknowledge the entered password
echo > /dev/tty
# return the password for $REPLY
printf '%s\n' "$password"
exit "$ret"
)"
}
Observe que, para esses shells (mksh), em que printf
não está integrado, a senha aparecerá em ps
output (por alguns microssegundos) ou poderá aparecer em alguns logs de auditoria se todas as chamadas de comando com seus parâmetros são auditados.