ps may show passwords entered on the command line in the clear.
For example:
    $ ./cheesy_app -u user -p password &
    [1] 13301
    $ ps
      PID  TT  STAT      TIME COMMAND
     5280  p0  S      0:00.08 -bash
     9784  p0  R+     0:00.00 ps
    13301  p0  S      0:00.01 /bin/sh ./cheesy_app -u user -p password
Try really hard not to use passwords on the command line.
Really. Don’t do that.
Many applications that provide a -p or similar switch will also prompt you if a password is required and you do not provide it on the command line.
That’s great for interactive use, but not so great in scripts.
You may be tempted to write a trivial “wrapper” script or an alias to try and encapsulate the password on the command line.
Unfortunately, that won’t work since the command is eventually run and so ends up in the process list anyway.
If the command can accept the password on STDIN, you may be able to pass it in that way.
That creates other problems, but at least avoids displaying the password in the process list.
    $ ./bad_app < ~/.hidden/bad_apps_password
If that won’t work, you’ll need to either find a new app, patch the one you are using, or just live with it.
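
One way to handle the password file used for the STDIN approach above, as an added example that is not code from the original text. The helper names secret_file_ok and run_with_secret are hypothetical; the helper refuses a file that is a symlink, owned by another user, or accessible to group or others, then runs the command with the file on STDIN so the password never enters the argument list that ps displays.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.

# Return 0 only if FILE is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set (e.g. mode 600 or 400).
secret_file_ok() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || {
        echo "refusing: not a regular file: $file" >&2
        return 1
    }
    [ -O "$file" ] || {
        echo "refusing: not owned by current user: $file" >&2
        return 1
    }
    # The first field of 'ls -ld' is the mode string, e.g. -rw-------
    mode=$(ls -ld "$file") || return 1
    mode=${mode%% *}
    case $mode in
        -???------*) return 0 ;;
        *)  echo "refusing: group/other can access $file ($mode)" >&2
            return 1 ;;
    esac
}

# Usage: run_with_secret FILE COMMAND [ARGS...]
# Only COMMAND and ARGS reach the process list; the password arrives on STDIN.
run_with_secret() {
    secret=$1
    shift
    secret_file_ok "$secret" || return 1
    "$@" < "$secret"
}

# Example call, using the names from the text:
#   run_with_secret ~/.hidden/bad_apps_password ./bad_app
```

The mode check does not account for ACLs, and anyone who can read the script's account or backups can still read the file.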