Geek Answers Handbook

Hiding command line arguments for a C program on Linux

How do I hide the command line argument for a C program running on Linux so that they are not visible to other users through "w", "ps auxwww", or similar commands?

+7
source share
3 answers

Change the contents of argv in your program:

#include <stdio.h> #include <time.h> void delay (long int msecs) { clock_t delay = msecs * CLOCKS_PER_SEC / 1000; clock_t start = clock(); while (clock() - start < delay); } void main (int argc, char **argv) { if (argc == 2) { printf ("%s\n", argv[1]); delay (6000); argv[1][0] = 'x'; argv[1][1] = '.'; argv[1][2] = 'x'; printf ("%s\n", argv[1]); delay (5000); printf ("done\n"); } else printf ("argc != 1: %d\n", argc); }

Vocation:

 ./argumentClear foo foo xx done

Result, viewing ps:

 asux:~ > ps auxwww | grep argu stefan 13439 75.5 0.0 1620 352 pts/5 R+ 17:15 0:01 ./argumentClear foo stefan 13443 0.0 0.0 3332 796 pts/3 S+ 17:15 0:00 grep argu asux:~ > ps auxwww | grep argu stefan 13439 69.6 0.0 1620 352 pts/5 R+ 17:15 0:02 ./argumentClear xx stefan 13446 0.0 0.0 3332 796 pts/3 S+ 17:15 0:00 grep argu

Note. The delay function does not work properly. Instead of 11 seconds, the program runs for about 2-3. I'm not a big programmer. :) The delay function needs to be improved.

+8
source

This is actually quite complicated (I will stop talking because it may be the way I do not know), especially if the user has access to the /proc file system for your process.

Perhaps the best way to prevent people from seeing your command line arguments is to not use command line arguments :-)

You can program your arguments in a corresponding protected file called (for example) myargs.txt , then run your program with

 myprog @myargs.txt

Of course, you will have to modify myprog to handle the "arguments in file" script.

Alternatively, you can set the arguments to environment variables and use your getenv program.

However, I do not know of a single method that could protect you from a process with the appropriate privileges (for example, one root run).

+7
source

As far as I know, this information is stored in kernel space. Except for writing a kernel module, you cannot hide this information because any program can query the proc file system to see command line arguments (this is what ps does).

Alternatively, you can read args at stdin on the command line, then populate the array to pass a command line argument handler. Or, even better, add support for your program to read a configuration file that contains the same information about command line arguments, and set permissions so that only the owner can read the file.

Hope this helps.

0
source

More articles:


All Articles