LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 09-15-2009, 02:04 AM   #1
bhagirathi
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Rep: Reputation: 0
How to Hide Passwords From UNIX ps Command


Hi,
By reporting the process status with ps, any Unix user will see the command line arguments:
#ps -ef
UID PID PPID C STIME TTY TIME CMD
lsc 13837 13825 0 May 11 pts/17 0:01 -ksh
oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager
appluser 4229 4062 0 12:00:03 ? 0:00 sqlldr scott/tiger

So this is a security issue.
1. How the password should not be stored in a shell environment variable
 
Old 09-15-2009, 11:08 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
What version of Oracle are you using? ... how about using Oracle Wallet?


cheers
 
Old 09-16-2009, 12:41 AM   #3
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797

Rep: Reputation: 282
How do you think that the system knows that the data that you submit contains a password? For the system it's just a bunch of arguments.

So my guess is that it needs to be solved at the application level (sqlplus, sqlldr) and that you cannot solve it at the system level without "hacking" the ps command. You can e.g. create a ps-script that ignores the -f option. But on my Slackware 10.1 box, man ps states that ps reads /proc and when I (as a normal user) start digging in there I will still find the full command line.
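Added example, not from any post in this thread, showing the point above in code: a credential placed in argv is visible to every user through /proc/<pid>/cmdline (which is where ps reads it), while one fed on stdin through a here-document, the application-level fix for sqlplus, never appears there. The child sh process and the credential 'user/hunter2' are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from any post in this thread: a credential placed in argv
# is readable by every user, while one fed on stdin never shows up in ps.
# The child is a plain sh standing in for sqlplus/sqlldr; 'user/hunter2' is a
# constructed sample credential.

# Read a process's argv the way ps does. /proc/<pid>/cmdline is world-readable
# (unlike /proc/<pid>/environ, which is mode 0400: only the process owner and
# root can read it). Fall back to ps where /proc is absent.
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Leaky pattern: the credential is a command-line argument, exactly like
# 'sqlplus -s system/manager'. Prints what 'ps -ef' shows to any user.
argv_leak() {
    sh -c 'sleep 5' sh "$1" >/dev/null &
    pid=$!
    sleep 1                         # let the child exec before inspecting it
    seen=$(argv_of "$pid")
    kill "$pid" 2>/dev/null
    printf '%s\n' "$seen"
}

# Safer pattern: the credential arrives on stdin through a here-document, the
# way 'sqlplus -s /nolog <<EOF' followed by a 'connect user/pw' line works, so
# argv carries only the program and its fixed options.
stdin_no_leak() {
    sh -c 'read -r cred; sleep 5' sh >/dev/null <<EOF &
$1
EOF
    pid=$!
    sleep 1
    seen=$(argv_of "$pid")
    kill "$pid" 2>/dev/null
    printf '%s\n' "$seen"
}

# Stand-alone run: the first line contains the secret, the second does not.
argv_leak 'user/hunter2'
stdin_no_leak 'user/hunter2'
```

The same check works against any process: pass its PID to argv_of and compare what it shows against what you expected to keep private.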
 
Old 09-16-2009, 12:43 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
As an aside, it's possible on FreeBSD systems to hide other users' processes via a sysctl MIB (security.bsd.see_other_uids). Very cool feature, and I wish there were something comparable in the Linux world.

Anyway, that's neither here nor there. I agree that OP will need to solve this at the application level. The exact way to solve it depends on the app. (I've worked around a similar sqlplus issue by going so far as to hardcode auth credentials in a C program.)
 
Old 09-20-2009, 07:23 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Wim Sturkenboom View Post
How do you think that the system knows that the data that you submit contains a password? For the system it's just a bunch of arguments.
How the system "knows"/sees/interprets things isn't the point. It's about the act of leaking passwords.


Quote:
Originally Posted by Wim Sturkenboom View Post
You can e.g. create a ps-script that ignores the -f option.
Kludges like that should not be offered unless there's no alternative. Anyone knows you can easily bypass scripts like that, and besides, it's not a best practice, polluting the system with more and unnecessary maintenance items.


Quote:
Originally Posted by anomie View Post
As an aside, it's possible on FreeBSD systems to hide other users' processes via a sysctl MIB (security.bsd.see_other_uids). Very cool feature, and I wish there were something comparable in the Linux world.
That shouldn't need to be presented as "just an aside" IMHO: as a type of solution, non-kludgy privilege separation definitely is valid. And actually there is: denying UIDs to see other users' processes is one of the features of GRSecurity. Of course that requires kernel patching and compilation or using a distribution that provides stock kernels patched with it, like for instance Gentoo.


Quote:
Originally Posted by bhagirathi View Post
How the password should not be stored in a shell environment variable
Working with Oracle means having access to rather large knowledge bases all over the 'net. Different posts / pages offer different options. See for instance http://www.orafaq.com/faq/can_one_pr..._process_table, http://www.jlcomp.demon.co.uk/faq/hide_password.html, http://www.dbforums.com/oracle/16163...le-server.html.
 
Old 09-20-2009, 10:07 AM   #6
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797

Rep: Reputation: 282
My interpretation of the question, based on the title and the content of the post, was that the OP wanted to hide the specific data that is entered on the command-line from the ps command that revealed it.

Therefore I still consider my first comment as fully valid. I understand that this is about leaking passwords.

I also made very clear that modifying the ps command in some way (I mentioned script but it could be a rewriting of the command as well) will not help against a dedicated person as the data is still available.
 
Old 09-20-2009, 10:36 AM   #7
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 299

Rep: Reputation: 62
This topic has been discussed many times on many forums.

Here is a pointer to several ways of hiding the username and password http://www.jlcomp.demon.co.uk/faq/hide_password.html
 
Old 09-20-2009, 11:23 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by fpmurphy View Post
This topic has been discussed many times on many forums.
You may experience reading / echoing problems. I already posted something along the lines of that including the URI you posted.
 
Old 09-21-2009, 01:01 PM   #9
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
That shouldn't need to be presented as "just an aside" IMHO: as a type of solution, non-kludgy privilege separation definitely is valid. And actually there is: denying UIDs to see other users' processes is one of the features of GRSecurity. Of course that requires kernel patching and compilation or using a distribution that provides stock kernels patched with it, like for instance Gentoo.
That's a good point -- MAC / RBAC can solve this problem properly on Linux systems.

I need to take a few weekends to really learn selinux, and write a targeted policy for ps(1). (I think grsecurity is very slick, but AFAIK it's not an option in my case -- RHEL with support.)
 
Old 09-21-2009, 05:21 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by anomie View Post
I need to take a few weekends to really learn selinux, and write a targeted policy for ps(1).
Awesome goal. When you get there please consider a write-up for LQ? I'd venture though Fedora, considering the improvements Dan Walsh provides, may present a way easier (malleable) platform to fiddle with compared to RHEL(-alikes)...
 
Old 09-21-2009, 05:43 PM   #11
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
When you get there please consider a write-up for LQ?
Absolutely. This will be a good use of time (assuming I can put together something respectable).
 
Old 09-22-2009, 09:29 AM   #12
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 299

Rep: Reputation: 62
Quote:
Originally Posted by anomie
That's a good point -- MAC / RBAC can solve this problem properly on Linux systems.
I need to take a few weekends to really learn selinux, and write a targeted policy for ps(1).

Humm, I think you may have a hard time doing that. Currently Fedora, Redhat and others use type targeted policy, i.e. every subject and object runs in the unconfined_t domain except for those with a defined policy.
 
Old 09-25-2009, 01:28 PM   #13
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
@fpmurphy: Yeah, that appears to be true. (For example, my Fedora 11 system was "targeted" after a default install.)

I haven't researched this enough yet to know how feasible it will / will not be.

-------

edit: I'd add that I don't know or understand selinux well. (If I didn't make that clear earlier in the thread, I will now.)

Next, I get a book, read, understand, evaluate the problem again, make a decision about how/whether it can be implemented, etc.

Last edited by anomie; 09-25-2009 at 01:37 PM.
 
Old 10-20-2009, 04:43 PM   #14
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by anomie
Next, I get a book, read, understand, evaluate the problem again, make a decision about how/whether it can be implemented, etc.
Unfortunately, I haven't made time to look into this properly yet. I did get a Fedora 12 Beta release announcement email today, and this caught my attention:
Quote:
* SELinux sandbox - It is now possible to confine applications' access
to the system and run them in a secure sandbox that takes advantage of
the sophisticated capabilities of SELinux. Dan Walsh, SELinux developer
at Red Hat, explains the details at
http://danwalsh.livejournal.com/31146.html
That may be promising (or it may be a dead end, since AFAIK ps(1) requires access to the /proc pseudo-filesystem). In any event, something new to tinker with to try to address this problem.
 
Old 10-20-2009, 05:07 PM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Yes, he has been tinkering with that since his "X guest" posts. The release speed of SELinux features in Fedora is one of the things it has over RHEL and derivatives.
 