
Hide Password from ps ..

someone_4
Honored Contributor


Hey everyone ..

I noticed another post asking how to hide a password in a flat file.

But I was wondering how you would go about hiding a password that is part of an option, -Ppassword, from showing up in a ps -ef.

Richard
5 REPLIES 5
James R. Ferguson
Acclaimed Contributor
Solution

Re: Hide Password from ps ..

Hi Richard:

You wouldn't if the password was merely a clear-text argument as you suggest. In fact, that's why memory dumps are regarded as sensitive, too.

Regards!

...JRF...
Peter Godron
Honored Contributor

Re: Hide Password from ps ..

Richard,
make the -P parameter the last in a long list of parameters.
Most casual users would not know how to get past the default length displayed by ps.
ps will only show you a certain number of characters.
Not perfect, but should stop normal users.
Robert Fritz
Regular Advisor

Re: Hide Password from ps ..

I know over time, there has been effort to provide command-line options to read from a file and stdin options to HP-UX commands to address exactly this concern. The plan, in the cases I'm familiar with, was to deprecate the -P options.

What command isn't giving you an option to use stdin/file? What version of HP-UX are you on?
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
Ivan Ferreira
Honored Contributor

Re: Hide Password from ps ..

I had a similar issue at one of our clients, and we removed the execute permission for all users for the ps command. Only the administrator could run the ps command.

You could also create an alias to the ps command to do a grep -v of the process that shows the password, and then, alias the alias command so it cannot be changed.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Robert Fritz
Regular Advisor

Re: Hide Password from ps ..

I'm thinking that messing with the ps binary won't help. The data it parses is readable by anyone. If you did that, someone could just copy an unmodified "ps" binary into their home dir, and run it as before.
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
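
The difference between a password passed as a -P argument and one read from stdin, as discussed in Robert Fritz's replies, shown as an added example that is not part of the original thread. It assumes a POSIX shell, a constructed secret, and a hypothetical stand-in client that only sleeps; it inspects the argument vector with ps -o args= rather than the ps -ef named in the question.

```shell
#!/bin/sh
# Added example: compare what ps exposes when a secret is passed as an
# argument versus on standard input. SECRET is a constructed value.
SECRET='s3cr3t-demo-value'

# Argument vector of PID $1 as any local user can read it. Falls back to
# Linux /proc when this ps lacks -o/-p.
visible_args() {
    ps -o args= -p "$1" 2>/dev/null || tr '\0' ' ' < "/proc/$1/cmdline"
}

# Start a stand-in client (hypothetical; it only sleeps) with the secret
# delivered by method $1, then print "exposed" or "hidden".
exposed_via() {
    case "$1" in
        argv)   # weak: same shape as "cmd -Ppassword"
            sh -c 'sleep 3; :' client "-P$SECRET" >/dev/null 2>&1 &
            ;;
        stdin)  # printf is a shell builtin, so no new argv carries the secret
            printf '%s\n' "$SECRET" |
                sh -c 'read -r pw; sleep 3; :' client >/dev/null 2>&1 &
            ;;
        *) return 2 ;;
    esac
    pid=$!
    sleep 1     # give the child time to exec before inspecting it
    if visible_args "$pid" | grep -F -q -- "$SECRET"; then
        result=exposed
    else
        result=hidden
    fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$result"
}

echo "argv:  $(exposed_via argv)"
echo "stdin: $(exposed_via stdin)"
```

The stdin case stays hidden only because nothing in the pipeline places the secret in a new process's argument vector; feeding it with an external command such as /bin/echo would expose it again for the lifetime of that command.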