Linux – Hide arguments of commands in ps

argumentscommandlinuxprocessps

I run an application on a linux server, and when I run the application I supply the password as a command line, like this:

 ./myapplication --smtp-password mypassword

In our application, we didn't built so far encrypt/decrypt , because it is supposed to be a very simple monitoring application, and it is very simple "pinging" and health check and send email in case of failure.

Any admin – and we have three other admins – can just list the process with ps, and see the command arguments, and figure out the password.

Is there a way to hide that?

Best Answer

Better would be to rewrite myapplication so it gets the password via some other mean like stdin. The environ is another option, but that is still visible to processes with the same euid (or euid 0) via /proc/<pid>/environ.

If not, on Linux with versions prior to 4.2, you can limit the exposure by making sure the password is not in the first 4096 bytes of the command line so other processes can't obtain it via reading /proc/<pid>/cmdline (like ps does). 4.2 and above no longer truncate /proc/<pid>/cmdline.

For instance, with zsh

.${(l:4094::/:):-myapplication} --smtp-password=secret

Would run myapplication with the first argument being 4095 bytes large (4096 you'd trip the PATH_MAX limit), something like .//////[...]///myapplication, so your password would be beyond the 4095 break point.

Note that audit logs and shell history files are other areas of concern for secret strings passed on the command line.

Related Solutions

‘ps’ arguments to display PID, PPID, PGID, and SID collectively

Here you go:

$ ps  xao pid,ppid,pgid,sid | head
  PID  PPID  PGID   SID
    1     0     1     1
    2     0     0     0
    3     2     0     0
    6     2     0     0
    7     2     0     0
   21     2     0     0
   22     2     0     0
   23     2     0     0
   24     2     0     0

If you want to see the process' name as well, use this:

$ ps  xao pid,ppid,pgid,sid,comm | head
  PID  PPID  PGID   SID COMMAND
    1     0     1     1 init
    2     0     0     0 kthreadd
    3     2     0     0 ksoftirqd/0
    6     2     0     0 migration/0
    7     2     0     0 watchdog/0
   21     2     0     0 cpuset
   22     2     0     0 khelper
   23     2     0     0 kdevtmpfs
   24     2     0     0 netns

PS Command Security – How It Hides Passwords

ps does not hide the password. Applications like mysql overwrite arguments list that they got. Please note, that there is a small time frame (possible extendible by high system load), where the arguments are visible to other applications until they are overwritten. Hiding the process to other users could help. In general it is much better to pass passwords via files than per command line.

In this article it is described for C, how to do this. The following example hides/deletes all command line arguments:

#include <string.h>

int main(int argc, char **argv)
{
    // process command line arguments....

    // hide command line arguments
    if (argc > 1) {
        char *arg_end;    
        arg_end = argv[argc-1] + strlen (argv[argc-1]);
        *arg_end = ' ';
    }

    // ...
}

Look also at https://stackoverflow.com/questions/724582/hide-arguments-from-ps and https://stackoverflow.com/questions/3830823/hiding-secret-from-command-line-parameter-on-unix .

Best Answer

Related Solutions

‘ps’ arguments to display PID, PPID, PGID, and SID collectively

PS Command Security – How It Hides Passwords

Related Question