Hide password in AIX


KC

Oct 1, 1999, 3:00:00 AM
Hi all,

We used the following tricks to hide password on command line on
HPUX:
1. Create a shell environment var for system password, eg.
SYS_PASS=manager
2. Run a sqlscript, eg. $sqlplus system/$SYS_PASS @sql_script

But the same trick used on AIX would reveal naked password for the user.
Is there any good way of hiding password?

Thanks,
Kevin

Brian Peasland

Oct 1, 1999, 3:00:00 AM
Put the password in a file. Make that file read only for the owner of
the file. Then use:

sqlplus system @sql_script < passwordfile

This will hide the password from the ps -ef command.

HTH,
Brian
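
Added example, not part of the original posts: a shell check that compares the two approaches discussed above, a password expanded onto the command line versus one read from an owner-only file on stdin. `sh -c` stands in for sqlplus, and the password, helper names and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: 'sh -c' stands in for sqlplus; SECRET is a constructed value.
SECRET='Constructed-Pw-123'
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
PWFILE="$WORK/passwordfile"
( umask 077; printf '%s\n' "$SECRET" > "$PWFILE" )   # owner-only from creation
chmod 400 "$PWFILE"                                  # read-only for the owner

# Stand-in client: reads one line from stdin (the password prompt), then idles.
CLIENT='read -r pw; sleep 2; exit 0'

# Argument vector of PID $1 as a process listing shows it.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\000' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Returns 0 if SECRET appears in the argument vector of PID $1.
secret_visible() {
    sleep 1                          # give the child time to exec
    case "$(cmdline_of "$1")" in
        *"$SECRET"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Password on the command line: the shell expands $SYS_PASS before exec,
# so the client receives it as an ordinary argument.
run_with_argv() {
    SYS_PASS=$SECRET
    sh -c "$CLIENT" client "system/$SYS_PASS" < /dev/null &
    rc=0; secret_visible "$!" || rc=$?
    wait "$!" || true
    return "$rc"
}

# Password on stdin from the protected file: argv carries only the user name.
run_with_stdin() {
    sh -c "$CLIENT" client system < "$PWFILE" &
    rc=0; secret_visible "$!" || rc=$?
    wait "$!" || true
    return "$rc"
}

run_with_argv  && echo "argv:  password visible in process listing"
run_with_stdin || echo "stdin: password not in process listing"
```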

robie

Oct 1, 1999, 3:00:00 AM
>Is there any good way of hiding password?
>
>Thanks,
>Kevin
>
>
This works under HPUX, don't know about other unixes.

Regards,
Rob.

/*---------------------------------------------------------------------------+
 | Copyright (c) 1992 Oracle Corporation Belmont, California, USA
 | All rights reserved
 +---------------------------------------------------------------------------*/
/*---------------------------------------------------------------------------+
 | FILENAME
 |   hide.c
 | DESCRIPTION
 |   Hides arguments for programs on UNIX systems.
 |   Can be used as a program prefix: hide program arguments
 |   or as a symbolic link. If this program is not invoked as hide, it
 |   will hide its arguments and invoke the program name.hide
 |   The best way to use this is to rename your critical programs to
 |   program.hide, and create a symbolic link program to hide.
 |     mv sqlplus sqlplus.hide; ln -s hide sqlplus
 |   Thus when sqlplus is invoked, its arguments will be hidden
 | NOTES
 |   This program works by padding 3000 '/' chars in argv[0]. This fools
 |   all known ps's. This will reduce the argument capacity of your
 |   program by 3000 chars. A good enhancement would be to reduce the
 |   padding if needed so that no arguments are lost - would require a
 |   method of determining the max argument size on the system. Some
 |   systems provide the E2BIG error on exec.
 |   There is some performance penalty for using this program, but it is
 |   minimal because this program is so small - the biggest cost is the
 |   extra exec required to get this program started.
 | HISTORY
 |   09/15/92 R Brodersen Created, based on D Beusee's hideargs()
 |   09/17/92 D Beusee Fixed to compile on any system
 +---------------------------------------------------------------------------*/

/*
* $Header: /local/bin/RCS/hide.c,v 1.6 1992/09/22 22:37:17 dbeusee Exp $
*
* $Log: hide.c,v $
* Revision 1.6 1992/09/22 22:37:17 dbeusee
* Added exit(1) when cannot execvp the program.
*
* Revision 1.5 1992/09/22 11:28:44 dbeusee
* Some BSD systems have memset(), so add a #define memset MEMSET to fix
* compilation errors (like on ultrix).
*
* Revision 1.4 1992/09/22 06:34:57 dbeusee
* BSD systems need memset routine.
*
* Revision 1.3 1992/09/22 06:05:13 dbeusee
* Set JUNK_CHAR to ' ' but force last junk char to '/'. This looks prettier
* when doing 'ps'. Also do not show full path of the program. Also do not
* show .hide if prog is a symlink to hide.
*
* Revision 1.2 1992/09/22 05:52:26 dbeusee
* If hide could not execvp the program, give an error message.
* if hide was invoked with a full path (e.g. /usr/local/bin/hide),
* do not try to invoke PATH/hide.hide.
*
*
*/

#include <stdio.h>
#include <stdlib.h> /* exit() */
#include <unistd.h> /* execvp() */
/* On ANSI/POSIX systems build with -DSYS5 to get <string.h> and libc memset() */
#ifdef SYS5
#include <string.h>
#else
#include <strings.h>
#define strrchr rindex
#define memset MEMSET /* some BSD systems have a memset() */
char *memset();
#endif
#define JUNK_SIZE 80
#define JUNK_CHAR ' '
/* Longest program name that still fits arg0buf, progbuf and errbuf */
#define MAX_PROG_LEN (4096 - JUNK_SIZE - 32)

char arg0buf[4096];
char progbuf[4096];
char errbuf[4096];

int main(argc, argv)
int argc;
char *argv[];
{
    char *name, *base;
    int firstarg;
    int baselen;

    if (!(name = strrchr(argv[0], '/')))
        name = argv[0];
    else
        name ++; /* get past '/' */

    firstarg = (!strcmp(name, "hide")) ? 1 : 0;

    if (firstarg && (argc == 1))
    {
        fprintf(stderr, "Usage: hide program arguments\n");
        fprintf(stderr, " ie: hide sqlplus username/password\n");
        fprintf(stderr, "if hide is not named hide, \
it will execute name.hide (useful as a symbolic link)\n");
        exit(1);
    }

    /* Refuse names that would overflow the fixed-size buffers below */
    if (strlen(argv[firstarg]) > MAX_PROG_LEN)
    {
        fprintf(stderr, "hide: program name too long\n");
        exit(1);
    }

    /* Build program name. If symbolic link mode, use argv[0] || .hide */
    strcpy(progbuf, argv[firstarg]);
    if (!(base = strrchr(argv[firstarg], '/')))
        base = argv[firstarg];
    else
        base ++; /* get past '/' */
    if (!firstarg) strcat(progbuf, ".hide");

    /* Build arg0 buffer. First, fill it with junk */
    memset((void *)arg0buf, JUNK_CHAR, JUNK_SIZE);
    arg0buf[JUNK_SIZE-1] = '/'; /* set last char to '/' */
    /* Prepend real program name - so ps can see what prog is running */
    /* (truncated if needed so the trailing '/' above is preserved) */
    baselen = strlen(base);
    if (baselen > JUNK_SIZE - 1)
        baselen = JUNK_SIZE - 1;
    strncpy(arg0buf, base, baselen);
    /* Append real program name - so prog can see what prog is running */
    strcpy(arg0buf + JUNK_SIZE, argv[firstarg]);
    /* Assign new arg0 buffer to the argv array */
    argv[firstarg] = arg0buf;

    /* Start the new program with the shifted arguments */
    execvp(progbuf, argv + firstarg);

    /* Only reached if execvp failed */
    sprintf(errbuf, "Could not execvp '%s'", progbuf);
    perror(errbuf);
    exit(1);
}

#ifndef SYS5
/* Fallback memset for BSD systems without one (renamed MEMSET by the #define) */
char *
memset(s, c, n)
register char *s;
register c, n;
{
    register char *p = s;

    while (n-- > 0)
        *s++ = c;

    return (p);
}
#endif /* ifndef SYS5 */

