ps and security

A post by Scott James Remnant describes how to hide command-line options from PS output. It’s handy to know that but that post made one significant implication that I strongly disagree with. It said about command-line parameters “perhaps they contain sensitive information“. If the parameters contain sensitive information then merely hiding them after the fact is not what you want to do as it exposes a race condition!

One option is for the process to receive it’s sensitive data via a pipe (either piped from another process or from a named pipe that has restrictive permissions). Another option is to use SE Linux to control which processes may see the command-line options for the program in question.

In any case removing the data shortly after hostile parties have had a chance to see it is not the solution.

Apart from that it’s a great post by Scott.

Comments are closed.