Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

How best to hide command-line arguments from ps command?

by Plankton (Vicar)
on Nov 18, 2003 at 20:58 UTC ( [id://308126]=perlquestion: print w/replies, xml ) Need Help??

Plankton has asked for the wisdom of the Perl Monks concerning the following question:

I know that entering passwords on the command line is a bad idea, because all someone would need to do is execute a ps -ef command to see your password. So I am wondering how could I pass as password to my perl script from a sh wrapper. Here is what I think will work ...
bash-2.03$ cat test.sh #!/bin/sh echo "Enter Password:" stty -echo read PASSWD stty echo export PASSWD test.pl bash-2.03$ cat test.pl #!/usr/local/bin/perl -w my $passwd = shift || $ENV{'PASSWD'}; while(1) { print "blah balh\n"; sleep 1; }
... this should be secure right?

Plankton: 1% Evil, 99% Hot Gas.

Replies are listed 'Best First'.
Re: How best to hide command-line arguments from ps command?
by hardburn (Abbot) on Nov 18, 2003 at 21:37 UTC

    this should be secure right?

    Ha!

    What would you do about thes things:

    • Going through /dev/kmem to find the memory location the password is stored at
    • A keystroke logger being installed on the system
    • The perl binary being trojaned

    Purely from a programmer's point of view, there is nothing you can do about any of these things. Security is not a binary Yes or No, but something that needs to be brought as close to Yes as possible without massive cuts into the usefulness of the system.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

Re: How best to hide command-line arguments from ps command?
by hanenkamp (Pilgrim) on Nov 18, 2003 at 21:41 UTC

    Not necessarily. For example, under Linux with a /proc filesystem: I just have to browse to /proc/<pid>/environ and look at it--of course, I would still need the correct permissions to read the environ pseudo-file. In any case, I wouldn't consider this safe since the environment isn't really a secure store.

    You can turn off echo on the tty in Perl just as easily as with stty:

    use Term::Readkey; ReadMode "noecho"; $password = <STDIN>; ReadMode "restore";
      Well, the permissions that you would need to pull that off (reading another user's environment from the /proc filesystem) are root permissions, and you've got to assume that absolutely anything you do can be evesdropped on by root, anyway.

      There's two classes of people that you can't avoid trusting (implicitly or explicitly):

      • root user (or anyone able to assume root)
      • anyone who has physical access to your machine
      They can see and interfere with anything you do. Granted, it may be very hard to pull off, but it can be done. This is why access control and physical security cannot be overemphasized.

      ------------
      :Wq
      Not an editor command: Wq

        Not all versions of Unix hide the contents of a user's environment from other users. On Solaris, for example, /usr/ucb/ps -augxwwwe will show you other users' processes' environment variables.

Re: How best to hide command-line arguments from ps command?
by tadman (Prior) on Nov 18, 2003 at 21:36 UTC
    While it's not 100% secure, you can always reassign the value of $0 first thing in your script. That's the variable that ends up controlling how your process shows up in the process listing.

    The MySQL shell client, for example, is careful to "x" out your password so that it doesn't show up in a process listing. What you see is something like mysql --username=foo --password=xxxxx instead of your actual password.

      This won't work on all platforms.

      -sauoq
      "My two cents aren't worth a dime.";
      
      A reply falls below the community's threshold of quality. You may see it by logging in.
Re: How best to hide command-line arguments from ps command?
by Taulmarill (Deacon) on Nov 18, 2003 at 21:05 UTC
    why not using
    print "Enter Password: "; my $password = <STDIN>;


    ---edit---
    oh, btw., you might whant to use chomp($password); to remove the \n at the end of the string.
Re: How best to hide command-line arguments from ps command?
by sgifford (Prior) on Nov 19, 2003 at 02:03 UTC

    While the details vary from Unix to Unix, in general arguments and environment are both considered public information. You can try to hide them right after you start up, but there will still be a time period when they are not hidden.

    The only way I know to do this safely is via a filehandle. You can do that with a pipe or a temp file. I think a pipe is the nicest way to do it. From the shell, you can use a "here document" to send the data directly over a pipe:

    #!/bin/sh echo "Enter Password:" stty -echo read PASSWD stty echo /tmp/t13.pl <<EOF $PASSWD EOF #!/usr/bin/perl sleep(5); $_=<>; chomp; print "Password is $_\n";
Re: How best to hide command-line arguments from ps command?
by waswas-fng (Curate) on Nov 18, 2003 at 23:08 UTC
    You can use the term echo off like they posted above or you can have a command line argument for a password file. the password file just contains a plain text password. You can then enter the password in the file and chmod it so that you are the only one that can read it. This allows non-interactive use of the script while still being flexible (ie not hardcoding a db password in the script). If permissions are set correctly on the file only you and root would be able to read it. If you are worried about root reading it you should go somewhere else and run your program because root can do and see anything.


    -Waswas
      You can then enter the password in the file and chmod it so that you are the only one that can read it.

      If you were to do something like this, you shouldn't chmod the file after creating it, but rather use a restrictive umask right off the bat. Otherwise, the file will be temporarily readable. This race condition would be almost impossible to exploit, but it should be avoided anyway.

      -sauoq
      "My two cents aren't worth a dime.";
      
      I do something like this, but as an extra step I have the program check the permissions on the file and refuse to use it if it's readable by anyone but the owner. It's too easy to negligently not set the correct permissions or change them incorrectly at some later point and having the program fail, with a message, helps to protect you here.
Re: How best to hide command-line arguments from ps command?
by zakzebrowski (Curate) on Nov 19, 2003 at 01:50 UTC
    You may want to look at search.cpan.org and type in password. Unfortunatly, without knowing what your requirements are (for os and such) it's hard to recommend specific modules. There are modules that support Pam authentication / Kerboes authentication / Read passwords from the terminal. Personally, I would tend to stay away from environment variables, since one could access the information if one had appropriate permissions on the box. (Also, keeping the correct permissions on all files for someone who is not 100% into linux / unix could be an issue... I've run into instances in the past where people "borrow" stuff out of your home directory, and it's not fun for anyone involved.)
    Cheers.


    ----
    Zak
    undef$/;$mmm="J\nutsu\nutss\nuts\nutst\nuts A\nutsn\nutso\nutst\nutsh\ +nutse\nutsr\nuts P\nutse\nutsr\nutsl\nuts H\nutsa\nutsc\nutsk\nutse\n +utsr\nuts";open($DOH,"<",\$mmm);$_=$forbbiden=<$DOH>;s/\nuts//g;print +;

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://308126]
Approved by insensate
Front-paged by bart
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (2)
As of 2024-03-19 07:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found