Hi,

I've got a command that runs with sensitive arguements. Basically it is lynx with the -auth=username:password as an arguement (as well as the URL it's authing with)

I use to run this in a cronjob since it needs to be run periodically, however, I found it shows up in ps output when running. This is a security risk as users logged on the machine shouldn't see this if they run a ps command. Sensitive arguements and all.

I've got an option here, add another machine on the network that can run this command, or, somehow hide this command.

I've tried putting the command in a bash script, but the items just run as a sub-process to the bash script.

I also wrote a pretty simple application in C that uses system() and it still just spawns a sub-shell like this:
root 2400 0.0 0.1 2664 548 pts/1 S+ 16:46 0:00 | \_ ./sync.bin
root 2401 0.0 0.0 1660 464 pts/1 S+ 16:46 0:00 | | \_ sh -c sleep 5; killall sync.bin
root 2403 0.0 0.0 1660 476 pts/1 S+ 16:46 0:00 | \_ sh -c PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin lynx -source -auth=user:pass 'http://website'>>/var/log/syncout.log

Is there any way I can -prevent- this from showing in PS output in any way? Seems there must be a way.

If anyone can help me out, I'd appreciate it!

lynx -source -auth=`< user.txt`:`< pass.txt` 'URL'

Try plugging into something like that. And obviously give user.txt & pass.txt (400) permissions some attention.

i believe md5 has this scheme where you have your passphrase argument in brackets and it doesn't show up in ps.

md5 <passphrase> -some other arguments, etc. etc.

maybe its int main() might have a few hints.

Hi,

Thanks for the advice everyone.

Here's what seems to work wonders.


lynx `< /opt/credentials` 'http://dynamic.zoneedit.com/auth/dynamic.html?host=uberleet.org' >> /dev/null 2>&1

Where the file /opt/credentials has the following contents:

-auth=username:password


Then, chmod the file 400, run the command as root, presto, obscured credentials. Seems to be the easiest way.