6

I'm not sure if this question is more appropriate for Stack Overflow or Super User or what Stack Exchange site...

Basically I'm launching a third-party app from C# with Process.Start with several command line parameters. One of those command line parameters is a password.

I think I'm doing a really good job of securing that password everywhere in my app, except if you open the Processes tab in Task Manager, you can add the "Command Line" column and see all of those command line parameters.

Can anyone think of a way to launch a process that somehow has the command line params hidden? Is this possible at all?

Thank you!

EDIT:

This is a Windows Service wrapper for plink.exe (SSH/Putty stuff). It will prompt for a password if I don't specify the password in the command line, but I get this weird warning:

```
Plink.exe - 3/30/2013 2:40:47 PM - Attempting keyboard-interactive authentication
Plink.exe - 3/30/2013 2:40:47 PM - Server refused keyboard-interactive authentication
Plink.exe - 3/30/2013 2:40:49 PM - user@hostname.com's password: 
```

I have specified to redirect the standard input, but perhaps I will continue looking into that and see if I can work around it. Also, as David Heffernan recommended, I'm going to look further into Pageant. Thank you everyone - I will post an update once I figure out a better solution!

Adam Plocher
  • Does the third-party app change often? As in, new versions and all. Also, where is this deployed? On your server, or customer PCs? – Filip Mar 30 '13 at 10:19
  • I don't think it'd work either - but just for fun - is it a console app? What happens if you don't supply the password? Does it spit out the command line to enter again? That's one thought - you could I think stream input to a console (e.g. [this](http://stackoverflow.com/questions/6721396/repeatably-feeding-input-to-a-process-standard-input)) - I think that worked if I remember well - but that's a long shot :) – NSGaga-mostly-inactive Mar 30 '13 at 12:34
  • Thank you guys for the comments/answer. Basically I'm writing a Windows Service that uses plink.exe (from the creator of Putty.exe for SSH connections) to establish semi-permanent SSH tunnels. – Adam Plocher Mar 30 '13 at 21:31
  • Oops, hit enter too soon :P. It will prompt for a password, but when I use Process.Start it will prompt for the password and then immediately say something like "Keyboard hook not found" or something like that, and then exit. Even if I redirect standard input, I can't seem to tie in to that at all... – Adam Plocher Mar 30 '13 at 21:32
  • With Putty you can use Pageant and avoid specifying password on command line – David Heffernan Mar 30 '13 at 21:39
  • Thanks David, I was looking into that a little bit last night. That might be the way to go, but I'm trying to make this as easy to use for possible open source distribution. I'll continue looking at that. Take a look at my updated question - I'm going to continue trying to tie in to the interactive password prompt, but if I can't I will take the pageant path. Thanks a lot David! – Adam Plocher Mar 30 '13 at 21:45

2 Answers

3

There's no way to pass a command line argument to a process, so that the process can see it, but everything else in the system cannot.

This is an obvious flaw and when programs allow passwords to be passed as arguments, it's usually done for convenience for the user that is not concerned about eavesdroppers. Well-designed programs will usually provide, in addition, other secure means of authentication.

ctrl-alt-delor
David Heffernan
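Because the command line is readable by other processes, as the answer above says, a host audit can flag launches that carry a secret as an argument. The following is an added example, not part of the original answers: it scans constructed (PID, command line) rows, such as the ones Task Manager's "Command Line" column shows, and reports offending processes with the secret redacted. The flag list beyond `-pw`, the sample rows, and `backup.exe` are assumptions for illustration.

```python
import re

# Options whose value is a secret. "-pw" is the plink option from the
# question; the other spellings are assumed stand-ins for similar tools.
SECRET_FLAGS = {"-pw", "--password", "/password"}

# Simplified Windows-style tokeniser: a token is a run of non-space text
# and/or double-quoted strings (backslash-escaped quotes are not handled).
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')

def redact(cmdline):
    """Return (redacted command line, list of secret-bearing flags found)."""
    tokens = _TOKEN.findall(cmdline)
    out, hits = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        name, sep, _value = tok.partition("=")
        if sep and name.lower() in SECRET_FLAGS:        # --password=value
            out.append(name + "=<redacted>")
            hits.append(name.lower())
        elif tok.lower() in SECRET_FLAGS and i + 1 < len(tokens):  # -pw value
            out += [tok, "<redacted>"]
            hits.append(tok.lower())
            i += 1                                      # skip the secret itself
        else:
            out.append(tok)
        i += 1
    return " ".join(out), hits

def audit(process_rows):
    """Yield findings as (pid, flags, redacted command line); never the secret."""
    findings = []
    for pid, cmdline in process_rows:
        redacted, hits = redact(cmdline)
        if hits:
            findings.append((pid, hits, redacted))
    return findings

# Constructed sample rows (not real data).
SAMPLE = [
    (4120, r'"C:\Tools\plink.exe" -ssh -N -L 8080:localhost:80 -pw "Tr0ub4dor &3" user@hostname.com'),
    (4121, r'"C:\Tools\plink.exe" -ssh -N -agent -batch user@hostname.com'),
    (4122, r'backup.exe --password=hunter2 --target D:\data'),
]

if __name__ == "__main__":
    for pid, flags, redacted in audit(SAMPLE):
        print(pid, flags, redacted)
```

The second sample row uses Pageant (`-agent`), as suggested in the comments, and is not flagged because no secret appears in its arguments.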
2

If you set an ACL for the new process, it should restrict who can read the command line information. An empty ACL, granting no permissions, might block access to administrators using Task Manager, though my first guess is that it will not. (Note that an empty security descriptor is not the same thing as an empty ACL. One implicitly grants permission to everyone, the other implicitly denies it.)

Of course, an administrator could always replace plink.exe with something that stores the password somewhere. So I'm not sure that worrying about what the administrator can see with Task Manager makes sense!

Harry Johnston