HPE Community
Operating System - HP-UX
1825715 Members
3135 Online
109686 Solutions
New Discussion

Re: How to hide the password from showing in the PS command

 
skt_skt
Honored Contributor

‎01-14-2008 08:57 AM

‎01-14-2008 08:57 AM

How to hide the password from showing in the PS command

How to hide the password from showing in the PS command (ps -aex | grep -i patteren) when the utilities like FNDLOAD or the FNDFFCHY are run from the command prompt?

"Some operating systems have settings that will only let users see their own processes in ps. FreeBSD 4.x can be set to behave in this fashion by
setting sysctl kern.ps_showallprocs to 0. FreeBSD 5.x has sysctls security.bsd.see_other_uids and security.bsd.see_other_gids that can both
be set to 0 for the same effect.

Linux needs kernel patches to accomplish this, like grsecurity, as one example."

if there is any equivalent kernel setting in UNIX or any alternate method to get this done?

We have already tried with compiling with hide.c . But is it NOT supported for FND programs.

0 Kudos
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎01-14-2008 10:38 AM

‎01-14-2008 10:38 AM

Re: How to hide the password from showing in the PS command

Shalom,

This is a new one on me.

What is a password form?

ps is a command that reads the process table. All users are permitted to read this table. What a user can modify is determined by ownership.

Please define the problem better and get some better help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
skt_skt
Honored Contributor

‎01-14-2008 10:41 AM

‎01-14-2008 10:41 AM

Re: How to hide the password from showing in the PS command

There are some configuration file used by this programs where the passord is feeded.So those passwords are appearing in clear text when grepped using ps command.
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎01-14-2008 11:02 AM

‎01-14-2008 11:02 AM

Re: How to hide the password from showing in the PS command

There is no equivalent in HPUX nor should there be; ps works as intended; the security risk is not in ps but in your methodology. Passwords should not be passed as command line arguments because of the very thing that you have found. It's much better to pass them as a line of input. One possible workaround is to pass your password at the end of a very long list of command line arguments because there is an 80 character limit to the list of arguments that ps displays BUT that can be patched and the limit depends upon the OS release and can and will change without notice.
If it ain't broke, I can fix that.
0 Kudos
Geoff Wild
Honored Contributor

‎01-14-2008 12:09 PM

‎01-14-2008 12:09 PM

Re: How to hide the password from showing in the PS command

I agree with Clay - methodology is wrong.

If you must use hard coded passwords, try setting them as environmental variables...

IE - store them in a file, then read it into a variable in a script, then pass that variable on the command line:

/some/program -password $MYPASSWORD

Or what ever....

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
OldSchool
Honored Contributor

‎01-14-2008 12:23 PM

‎01-14-2008 12:23 PM

Re: How to hide the password from showing in the PS command

GW
shell vars don't work for this as they get expanded before the command is executed. so the buffered command line shown by "ps" still has it.

if the app can prompt for the password, then a "here-doc" might work.

Since these are oracle utils, I'm making the rash assumption that its being run from another user (thus requiring the password). If thats the case, sudo might be an option as well
0 Kudos
TwoProc
Honored Contributor

‎01-14-2008 02:29 PM

‎01-14-2008 02:29 PM

Re: How to hide the password from showing in the PS command

This is a case of blaming the wrong person/tool/entity.

"ps" just shows what's available to it. It doesn't even *know* that it is showing you the arguments to "fndload", at least not in particular. It just finds every program and shows the command line argument.

Oracle (whose tool it is your referring to), needs to fix this. Upon launching their program, they should be accessing the PSP and figuring what is in their that is confidential and removing it. Oracle does it for some programs, but not others. They need to be consistent. But, you need to log this request with Oracle, not your Unix vendor.
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
skt_skt
Honored Contributor

‎01-14-2008 04:25 PM

‎01-14-2008 04:25 PM

Re: How to hide the password from showing in the PS command

yes, we are working with Oracle too.
0 Kudos
skt_skt
Honored Contributor

‎02-17-2008 06:00 PM

‎02-17-2008 06:00 PM

Re: How to hide the password from showing in the PS command

closing..
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.