in reply to Handling passwords and sensitive data

The mysql client docs describe an ad hoc way to get rid of this (of course, this client does not force you to use the command line option for the password either). It simply deletes @ARGV right after initialization!
@ARGV=();
after you've extracted the relevant information, of course, or just copy it to a different array. (I give no personal guarantees that this works with Perl, though, since I only know this to work under C.) Of course, this still may leave a millisecond or two where Bob Schnob can still execute ps aux and get your passwd, but the chances that he'll be able to synchronize are slim. FYI, FIPS (1989) explicitly prohibits unprivileged users from seeing ANY other users' ps table, but we all know that a ps aux is all it takes to see that Bob Schnob is downloading porn again. In fact, I see this as a security risk (obviously, others don't) and I would love to see a kernel with at least an option to hide the process tables from prying eyes. Unfortunately, Linux kernel code hacking would turn my head inside out, so I'll leave it to the folks who know what's going on. If I've missed yet another kernel update in which this is implemented, I'd be much obliged to be informed. Thanx.
AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.

Re: Re: Handling passwords and sensitive data
by Fastolfe (Vicar) on Jan 28, 2001 at 02:22 UTC
    I would love to see a kernel with at least an option to hide the process tables from prying eyes. Unfortunately, Linux kernel code hacking would turn my head inside out, so I'll leave it to the folks who know what's going on.

    Sorry, this isn't very Perl-ish, but to offer an answer to this, it may be as simple as this:

    --- linux/fs/proc/base.c.orig Sat Jan 27 15:18:24 2001 +++ linux/fs/proc/base.c Sat Jan 27 15:19:19 2001 @@ -497,3 +497,3 @@ E(PROC_PID_STATUS, "status", S_IFREG|S_IRUGO), - E(PROC_PID_CMDLINE, "cmdline", S_IFREG|S_IRUGO), + E(PROC_PID_CMDLINE, "cmdline", S_IFREG|S_IRUSR), E(PROC_PID_STAT, "stat", S_IFREG|S_IRUGO),
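Review bot: The new mode on the PROC_PID_CMDLINE line is hard-coded, so every kernel built with this patch hides other users' command lines with no way to switch the behaviour off, and nothing in the hunk says why this entry differs from its neighbours. Consider putting the S_IRUSR mode behind a configuration option and adding a one-line comment on that entry. The PROC_PID_STATUS and PROC_PID_STAT context lines keep S_IFREG|S_IRUGO, so those two files stay world-readable and only the argument list is restricted.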
    Of course, I don't have a Linux system I'm willing to test this with, and I don't know if it will break any other /proc-based tools or 'ps' itself if it can't read the command line for processes the user doesn't own. I'd be interested in seeing if that works though.

    An interesting variation would be to use S_IFREG|S_IRUSR|S_IRGRP, which would give users in the same group the ability to see the command line as well, but nobody else.

Re (tilly) 2: Handling passwords and sensitive data
by tilly (Archbishop) on Jan 28, 2001 at 02:05 UTC
    A brief test shows that this does not work in Perl. But eg's suggestion of assigning to $0 does.
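
A way to repeat tilly's test on a Linux system, as an added example that is not part of the thread: the script re-executes itself with a constructed sample password argument, then reports whether that string can be read from /proc/self/cmdline at startup, after `@ARGV = ()`, and after assigning to `$0`. The secret value and the name `myscript` are made up for the test, and the script must be run from a file (`perl demo.pl`).

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Linux only: reads /proc/self/cmdline,
# the same data ps shows to other users.
use strict;
use warnings;

# Constructed sample value standing in for a real password.
my $SECRET = 'constructed-sample-secret';

# Re-exec with the secret as an argument so it really sits in the process's argv.
unless (@ARGV) {
    exec($^X, $0, '--password', $SECRET) or die "exec failed: $!";
}

# Return the argument strings currently exposed through /proc for this process.
sub visible_cmdline {
    open(my $fh, '<', '/proc/self/cmdline')
        or die "cannot read /proc/self/cmdline: $!";
    local $/;                           # slurp the whole file
    my $raw = <$fh>;
    close $fh;
    return [ grep { length } split /\0/, $raw ];
}

# Print whether the secret is still readable at the named stage.
sub report {
    my ($stage) = @_;
    my $seen = grep { index($_, $SECRET) >= 0 } @{ visible_cmdline() };
    printf "%-20s %s\n", $stage,
        $seen ? 'secret readable in cmdline' : 'secret not in cmdline';
}

report('at startup:');

# AgentM's suggestion: copy what is needed, then empty @ARGV.
# This changes only the Perl array, not the argv memory the kernel exposes.
my @args = @ARGV;
@ARGV = ();
report('after @ARGV = ():');

# eg's suggestion: assigning to $0 makes perl overwrite the original argv area.
$0 = 'myscript';
report('after $0 assigned:');

# The private copy is still usable by the program.
printf "%-20s %d\n", 'args kept privately:', scalar @args;
```

The first report line corresponds to the window AgentM mentions: until the overwrite runs, the argument is exposed, so passing the secret on the command line is never fully covered by this technique.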