Modify argv to hide sensitive information like passwords etc

A lot of programs require you to pass sensitive information like passwords etc as arguments to the program. However if you pass passwords as arguments, it will be visible through the /proc filesystem or the ps ax output while the program is in execution. To avoid the possibility of anybody prying on sensitive information, programmers should modify the memory location where the input parameters are stored (argv array), so that it is not visible to any other users, who might have the access levels to see what processes you’re running. Jotted below is some sample code which modifies its input parameters to hide it from the proc file system.

#define      _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <string.h>

void main(int argc, char **argv) {
  char cmd[300];

  if (argc == 2) {
    int argvlen, i;
    printf("Unmodified argv[1] => %s\n", argv[1]);
    argvlen = strlen(argv[1]);
    for(i=0; i < argvlen; i++)
      argv[1][i] = 'x';
    printf("Modified argv[1] => %s\n", argv[1]);
    sprintf(cmd,"cat /proc/%d/cmdline", getpid());
    printf("/proc entry for the process at %s\n", cmd);
    printf("\nps ax entry for %s\n", argv[0]);
    sprintf(cmd,"ps %d", getpid());
  } else
    printf("Usage: %s some-string\n", argv[0]);

Sample output of the program.

@c $  ./modify_argv test
Unmodified argv[1] => test
Modified argv[1] => xxxx
/proc entry for the process at cat /proc/22493/cmdline
ps ax entry for ./modify_argv
22493 pts/0    S+     0:00 ./modify_argv xxxx


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.