
There is quite a common issue in the Unix world: when you start a process with parameters, one of them being sensitive, other users can read it just by executing ps -ef. (For example, mysql -u root -p secret_pw.)

The most frequent recommendation I found was simply not to do that: never run processes with sensitive parameters, and instead pass this information another way.

However, I found that some processes have the ability to change the parameter line after they processed the parameters, looking for example like this in processes:

xfreerdp -decorations /w:1903 /h:1119 /kbd:0x00000409 /d:HCG /u:petr.bena /parent-window:54526138 /bpp:24 /audio-mode: /drive:media /media /network:lan /rfx /cert-ignore /clipboard /port:3389 /v:cz-bw47.hcg.homecredit.net /p:********

Note the /p:*********** parameter, where the password was removed somehow.

How can I do that? Is it possible for a process in Linux to alter the argument list it received? I assume that simply overwriting the char **args I get in the main() function wouldn't do the trick. I suppose that maybe changing some files in the /proc pseudofs might work?

Petr
  • Possible duplicate of [Setting the thread /proc/PID/cmdline?](http://stackoverflow.com/questions/139859/setting-the-thread-proc-pid-cmdline) – Joni Mar 02 '16 at 08:27
  • Check the accepted answer here [How does ps know to hide passwords](http://unix.stackexchange.com/questions/88665/how-does-ps-know-to-hide-passwords) and the comments. – Francesco de Guytenaere Mar 02 '16 at 08:30
  • Possible duplicate of [Hiding secret from command line parameter on Unix](http://stackoverflow.com/questions/3830823/hiding-secret-from-command-line-parameter-on-unix) – Francesco de Guytenaere Mar 02 '16 at 08:31

1 Answer


"Hiding" like this does not work. At the end of the day, there is a time window where your password is perfectly visible, so this is a total non-starter, even if it is not completely useless.

The way to go is to pass the password in an environment variable.

  • Can you elaborate on that? Which window at the end of the day do you mean? – Petr Mar 02 '16 at 10:11
  • The program is executed and gets the password passed as an argument. The password is visible before the program obfuscates it, which can take long enough for interested parties to read it. It is fundamentally wrong to pass the password on the command line. –  Mar 02 '16 at 11:37
  • Yes I know it's wrong but I was curious how to do that anyway – Petr Mar 02 '16 at 12:53
  • Arguments are placed on the stack and the kernel just reads it in order to generate /proc//cmdline, which is how ps gets the name. So you just modify that and that's it. –  Mar 02 '16 at 13:21
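
An added example, not part of the original posts: the in-place overwrite described in the last comment, masking an argument the way the xfreerdp line in the question appears. The function names and the use of the "/p:" prefix as the match rule are assumptions for illustration, and the masking does not close the time window the answer describes.

```c
/* Added example: mask a secret argument in place so that /proc/self/cmdline
 * (and therefore ps) shows asterisks instead of the value. The "/p:" prefix
 * mirrors the xfreerdp line in the question; function names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Overwrite everything after `prefix` in each matching argument with '*'.
 * The string length is left unchanged, so the write stays inside the
 * argument area the process was started with. Returns bytes masked. */
size_t scrub_argv(int argc, char **argv, const char *prefix)
{
    size_t plen = strlen(prefix), masked = 0;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], prefix, plen) != 0)
            continue;
        size_t n = strlen(argv[i] + plen);
        memset(argv[i] + plen, '*', n);
        masked += n;
    }
    return masked;
}

/* Print this process's command line as other users would see it. */
static void show_cmdline(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/cmdline", "r");
    if (!f)
        return;                      /* no procfs: nothing to show */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    for (size_t i = 0; i < n; i++)   /* arguments are NUL-separated */
        putchar(buf[i] ? buf[i] : ' ');
    putchar('\n');
}

int main(int argc, char **argv)
{
    /* Copy the secret first if the program still needs it. Until
     * scrub_argv() runs, the value is readable by other users. */
    show_cmdline();
    scrub_argv(argc, argv, "/p:");
    show_cmdline();
    return 0;
}
```

Run as `./a.out /u:alice /p:secret`: the first printed line shows the password, the second shows it masked.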