Hiding password from ps

Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Hiding password from ps
# 1  
Old 04-02-2002
Question Hiding password from ps

I'm calling a program with a command line arguement containing a password. while the process is running anyone on the system can ps -ef and see the password. Is there a way to prevent this from happening.



I've also tried
PROGRAM `cat passfile`

with passfile containing USERNAME/PASSWD
but it still appears

Anyway around this?
The program I'm calling is CONCSUB if anyone is familiar with Oracle Apps. And unfortunately it doesn't seem to have an interactive mode but only accept command line arguements.
# 2  
Old 04-02-2002
call them using c file maybe?
urfile.c contain:
#include <stdio.h>
main(){ system(" program username/passwd "); }

and then
cc -o urfile urfile.c
then ./urfile
# 3  
Old 04-03-2002
Sounds like a homework question, but since you posted your work. I may help you.

Ordinarily homework is strictly forbidden on this site.

You must give more info first. What Operating System, what shell are you using, what programming language are you using.

If it is ksh or sh or bash, put the password in a file and call the file from the command line. Most types of scripting will support this function.

OR you might put the whole thing in file and make it executable "chmod 755 filename" and the "./filename" to execute it.

What is the purpose of the is assignment. Are you just changing a user's password and that's it or are you using a password for a program?

That would be helpful as well.

And in the future, try not to post homework, if this is that.

# 4  
Old 04-03-2002
Well it's a work/work rather than homework question so I hope that's acceptable.
Here's the background( not at work today so I don't know some stuff off top of my head).
HPUX (10.3 I think)
The commands is in either ksh or sh script.
The program is CONCSUB it basically submits a program name to oracle's concurrent manager which then executes it.

so the line in the ksh script looks like this

where $USERPASS is username/password for the database(also tried it being `cat .userpass` with same results(.userpass file contained username/password))
and $ORCLPROG is the name of the program to be executed.

The purpose is to avoid having anyone else on the machine being able to see this username and password by simply executing the ps -ef command.

I'll try the 'c' program tomorrow.

Thanks again for the help.

Last edited by Yogesh Sawant; 08-11-2010 at 01:17 AM.. Reason: added code tags
# 5  
Old 04-03-2002
change permissions on ps command

Actually you can do a chmod 500 /usr/bin/ps at the beginning of the script and a chmod 555 /usr/bin/ps at the end of the script.

If that is acceptable for your box.
# 6  
Old 04-04-2002
Well, the C program may not work.
Check this out:
$ cat test.c
#include <stdio.h> 
main(){ system(" sleep 1234 "); } 

$ gcc -o test1 test.c
$ ./test1 &
[1] 7718
$ ps -ef
< snipped for brevity >
me      7718  7241  0 00:19 pts/1    00:00:00 ./test1
me      7719  7718  0 00:19 pts/1    00:00:00 sleep 1234
me      7720  7241  0 00:20 pts/1    00:00:00 ps -ef

Will this aplication prompt you for a password if you don't supply one on the command line (like sqlplus)?
In that case, you might be able to use a shell script:
/path/to/CONCSUB <<EoF
another command

This may or may not work though. Either way, though, make sure you lock down permissions on the file so one one but you can read it. The commands passwords will be left in pleain text in the script and also in the compiled C program.
# 7  
Old 04-04-2002
HP-UX stores the command line in a buffer and makes it available to all users via the pstat() system call. So disabling ps is not enough.

That buffer, like all buffers, is finite. So
ln -s /path/to/CONCSUB longname
should work. Of course, "longname" isn't long enough. You will need a 64 character name.

As to storing the password in a file, her is an alternative:
#! /usr/bin/ksh

print -n password -
stty -echo
stty echo

With this, the script just asks the user for the passwordeach time it runs.

Last edited by Yogesh Sawant; 08-11-2010 at 01:18 AM.. Reason: added code tags
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Password hiding in UNIX

Hi guys, I use STTY command to make the password invisible. Now I need to write the password into another file pwd.txt, but in an invisible manner, something like ******. Another thing is to when I echo the content of pwd.txt I get the password I actually typed. Thanks guys. Help me out. (5 Replies)
Discussion started by: mohanalakshmi
5 Replies

2. Shell Programming and Scripting

Remote call not hiding password fields

Not sure on the description, but here is a quick rundown. I have 2 servers, we'll call them serverA serverB On serverB, I am calling a script that inside it has the following: ssh srvdsadm@serverB sudo -u dsadm /opt/apps/DataStage/scripts/autoDeploy.sh ${projName} ${subProjVar}... (1 Reply)
Discussion started by: cbo0485
1 Replies

3. Shell Programming and Scripting

Scripting help/advise on hiding/masking username/password

Hi, I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit. At the moment, am getting the username and password from a hidden plain text file and permission set to -r--------, i.e. read only to who... (1 Reply)
Discussion started by: newbie_01
1 Replies

4. Programming

C++ overriding Vs hiding

class B { public: void fns(void){//base def;} }; class D:public B { public: void fns(void) {//new def;} }; I was thinking the above is overriding but somewhere else i found the above is just hiding.Only virtual functions can be considered as overriding? This is the exact statement ... (1 Reply)
Discussion started by: johnbach
1 Replies

5. UNIX for Dummies Questions & Answers

New Approach Hiding login password from ps -ef

Hello all , I looked up this site for solutions to hide login info from ps -ef | grep like using a seperate file and store the password in that especially for oracle sqlplus scripts. I just got this thought , But dont know how to implement this in UNIX. Is there a way to revoke access from... (17 Replies)
Discussion started by: simonsimon
17 Replies

6. UNIX for Dummies Questions & Answers

Hiding Password

Hello. A bit of a puzzle here: I have a 3rd party executable, which requires the following parameters: parm1 = program_name, parm2=userid/password, parm3=additional flags. We tried passing password as a variable, but you can do grep, and see what the password actually is I found a bit... (2 Replies)
Discussion started by: Kishinevetz
2 Replies

7. Shell Programming and Scripting

Hiding the Directory

Hi, I have a directory i want to just hide this directory. Could you please tell me the command to hide directory. (2 Replies)
Discussion started by: shivanete
2 Replies

8. Shell Programming and Scripting

Hiding password for FTP in a script

Hi, I have a simple script to ftp from unix to a mainframe to get and put files. Currently I have the password setup in a VARS file and dereference the var in my script. Doing it this way allws me to change the password in only one place but it is still viewable for many people. Is there any... (6 Replies)
Discussion started by: Cass3
6 Replies

9. UNIX for Dummies Questions & Answers

Hiding login/password in process!

Hello, I am trying to figure out away to hide a command from users when performing a ps check. I have a ksh that purges a table in a database. If I perform a >ps -eaf |grep ksh, I get the login id and password. I do not want other users seeing this. Is there a way to hide this. The login... (5 Replies)
Discussion started by: ctcuser
5 Replies

10. IP Networking

Hiding an IP address

Is there anyone who knows how to hide an IP from being logged by the site you are visiting. I know of some paid companies but I am looking for a different solution. Is there some way in UNIX to mask the ip. Help this is urgent. Datopdog (1 Reply)
Discussion started by: datopdog
1 Replies
Login or Register to Ask a Question