How to hide command line argument from ps


Hoping White

Jun 21, 2016, 10:17:00 AM
to golang-nuts
Hi, all

I wonder if there is a way to hide command line arguments from programs like “ps”? I can rewrite the argv parameter of main in C, or use LD_PRELOAD to intercept libc_start_main, but none of these methods work in Go. Thanks.

Konstantin Khomoutov

Jun 21, 2016, 10:36:40 AM
to Hoping White, golang-nuts
What problem are you trying to solve?

It smells like you're passing some security-sensitive data to your
program. If yes, do not do that: pass it via stdin via any protocol
agreed-upon by both parties (a single LF-terminated UTF-8-encoded string
could be OK). If you need to use stdin to pass some other data, create
a socket pair (man 2 socketpair) in your host program, mark its read
end as exported on fork (or, alternatively, mark its write end as not
exported on fork -- this really depends on what language/runtime the
host is written in) -- to make the read end's file descriptor inherited
by your Go process, and pass the number of that file descriptor on the
command-line to the Go process. It will then convert it to a proper
socket value and read your security-sensitive data from there. (That's
what GPG does, for instance). If you need more details, ask away.

Otherwise, try looking at prctl(2) and its PR_SET_NAME.
Not sure if it works on all POSIX kernels as this call is not defined
by POSIX.

In any case, I should stress that any attempt of re-writing
command-line options as seen by `ps` for security is solving the problem
asswards.

Matt Harden

Jun 21, 2016, 10:39:41 AM
to Hoping White, golang-nuts

It's generally a bad idea to try to improve security by hiding args. Much better to pass the argument another way, for instance via an open file descriptor that the program reads the value from.



Hoping White

Jun 21, 2016, 9:56:21 PM
to Matt Harden, golang-nuts
Thanks for all the replies. I agree that there is a better way to do the security jobs. I asked this question just out of curiosity, to find out if there is an equivalent way to do this in golang. From all the replies I assume the answer is no.

Manlio Perillo

Jun 22, 2016, 3:17:48 AM
to golang-nuts, matt....@gmail.com
It is possible to change the command line arguments, but how you do it is simply platform specific.
You can look at how Nginx or PostgreSQL do it, just to name a few programs that need to change the command line to help users identify the role of each child process.

Manlio

Sean Russell

Jun 22, 2016, 9:32:48 AM
to golang-nuts, matt....@gmail.com
On Tuesday, June 21, 2016 at 9:56:21 PM UTC-4, Lazytiger wrote:
> Thanks for all the replies. I agree that there is a better way to do the security jobs. I asked this question just out of curiosity, to find out if there is an equivalent way to do this in golang. From all the replies I assume the answer is no.

Environment variables. github.com/namsral/flag implements a flags library that will populate flags from either command line args or environment variables at run time, and is a drop-in replacement for the standard flag library.

--- SER

Nick Craig-Wood

Jun 23, 2016, 8:01:06 AM
to Sean Russell, golang-nuts, matt....@gmail.com
Environment variables are quite insecure too. On Linux you can read any
process's environment variables using /proc/PID/environ, e.g.

cat /proc/self/environ | tr '\000' '\n'

The permissions on these files are quite tight though, they are only
user readable, which means root or another process running as the same
user could read them.

--
Nick Craig-Wood <ni...@craig-wood.com> -- http://www.craig-wood.com/nick

Sean Russell

Jun 23, 2016, 8:45:38 AM
to Nick Craig-Wood, golang-nuts, matt....@gmail.com
> On Jun 23, 2016, at 8:00 AM, Nick Craig-Wood <ni...@craig-wood.com> wrote:
>
> Environment variables are quite insecure too. On Linux you can read any
> process's environment variables using /proc/PID/environ, e.g.

Env variables are more secure than ps, which is what your question asked.

Maybe a Linux forum would have a better answer, since this isn’t a problem specific to Go.

— SER