How does ps know to hide passwords?

security ps arguments

14,634

Solution 1

ps does not hide the password. Applications like mysql overwrite arguments list that they got. Please note, that there is a small time frame (possible extendible by high system load), where the arguments are visible to other applications until they are overwritten. Hiding the process to other users could help. In general it is much better to pass passwords via files than per command line.

In this article it is described for C, how to do this. The following example hides/deletes all command line arguments:

#include <string.h>

int main(int argc, char **argv)
{
    // process command line arguments....

    // hide command line arguments
    if (argc > 1) {
        char *arg_end;    
        arg_end = argv[argc-1] + strlen (argv[argc-1]);
        *arg_end = ' ';
    }

    // ...
}

Look also at https://stackoverflow.com/questions/724582/hide-arguments-from-ps and https://stackoverflow.com/questions/3830823/hiding-secret-from-command-line-parameter-on-unix .

Solution 2

The mysql program replaces the password from the command line with x in this line of code:

while (*argument) *argument++= 'x';     // Destroy argument

14,634

dotancohen

Updated on September 18, 2022

Comments

dotancohen almost 2 years
Witness:
```
$ ps f
  PID TTY      STAT   TIME COMMAND
31509 pts/3    Ss     0:01 -bash
27266 pts/3    S+     0:00  \_ mysql -uroot -p
25210 pts/10   Ss+    0:00 /bin/bash
24444 pts/4    Ss     0:00 -bash
29111 pts/4    S+     0:00  \_ tmux attach
 4833 pts/5    Ss+    0:00 -bash
 9046 pts/6    Ss     0:00 -bash
17749 pts/6    R+     0:00  \_ ps f
 4748 pts/0    Ss     0:00 -bash
14635 pts/0    T      0:02  \_ mysql -uroot -px xxxxxxxxxxxxxxxx
16210 pts/0    S+     0:01  \_ mysql -uroot -px xxxxxxxxxxxxxxxx
```
How did ps know to hide the mysql passwords? Can I incorporate this into my own scripts to hide particular CLI attributes?
- dotancohen almost 11 years
  
  Thank you, that is an informative document. I'll see about how I might overwrite cli arguments in my own scripts.
- Drav Sloan almost 11 years
  
  @manatwork I would put that as an answer, because that is exactly what is happening - and it's a useful link for security issues regarding mysql. :)
- Gilles 'SO- stop being evil' almost 11 years
  
  Note that while command line arguments can be snooped, environment variables are safe.
dotancohen almost 11 years

Very nice, thanks. I did not realize that the arguments are mutable as such.
ash almost 11 years

Also note that not all programs will do this with passwords.
schemacs over 10 years

The link to this article is broken. Anyone to explain the code for me?(Why the code work, just set \0 to space?) Any link to setproctitle()?
schemacs over 10 years

Or the answer lies here?
wizzwizz4 almost 7 years

Unfortunately, that's not as secure as it could be. You can tell how long the password is. It's better to replace it with \0 so that you need extra information to find the password length (without UB / SEGFAULT).