How does MySQL hide the command line password in ps?

I saw this question asked today, and thought I’d write a quick post about it.
Giving passwords on the command line isn’t necessarily a fantastic idea – but you can sort of see where they’re coming from. Configuration files and environment variables are better, but just slightly. Security is a night mare!

But if you do decide to write an application which takes a password (or any other sensitive information) on the command line, you can prevent other users on the system from easily seeing it like this:

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>

int main(int argc, char *argv[]){

int i = 0;
pid_t mypid = getpid();
if (argc == 1)
return 1;
printf("argc = %d and arguments are:\n", argc);
for (i ; i < argc ; i++)
printf("%d = %s\n" ,i, argv[i]);
printf("Replacing first argument with x:es... Now open another terminal and run: ps p %d\n", (int)mypid);
fflush(stdout);
memset(argv[1], 'x', strlen(argv[1]));
getc(stdin);
return 0;
}

A sample run looks like this:
$ ./pwhide abcd
argc = 2 and arguments are:
0 = ./pwhide
1 = abcd
Replacing first argument with x:es... Now run: ps p 27913

<In another terminal>
$ ps p 27913
PID TTY STAT TIME COMMAND
27913 pts/1 S+ 0:00 ./pwhide xxxx

In the interest of brevity, the above code isn't very portable - but it works on Linux and hopefully the point of it comes across. In other environments, such as FreeBSD, you have the setproctitle() syscall to do the dirty work for you. The key thing here is the overwriting of argv[1]
Because the size of argv[] is allocated when the program starts, you can't easily obfuscate the length of the password. I say easily - because of course there is a way.

This entry was posted in misc, MySQL. Bookmark the permalink.