A lot of programs require you to pass sensitive information like passwords etc as arguments to the program. However if you pass passwords as arguments, it will be visible through the /proc
filesystem or the ps ax
output while the program is in execution. To avoid the possibility of anybody prying on sensitive information, programmers should modify the memory location where the input parameters are stored (argv
array), so that it is not visible to any other users, who might have the access levels to see what processes you’re running. Jotted below is some sample code which modifies its input parameters to hide it from the proc file system.
#define _GNU_SOURCE #include <stdio.h> #include <time.h> #include <stdlib.h> #include <string.h> void main(int argc, char **argv) { char cmd[300]; if (argc == 2) { int argvlen, i; printf("Unmodified argv[1] => %s\n", argv[1]); argvlen = strlen(argv[1]); for(i=0; i < argvlen; i++) argv[1][i] = 'x'; printf("Modified argv[1] => %s\n", argv[1]); sprintf(cmd,"cat /proc/%d/cmdline", getpid()); printf("/proc entry for the process at %s\n", cmd); system(cmd); printf("\nps ax entry for %s\n", argv[0]); sprintf(cmd,"ps %d", getpid()); system(cmd); } else printf("Usage: %s some-string\n", argv[0]); }
Sample output of the program.
@c $ ./modify_argv test Unmodified argv[1] => test Modified argv[1] => xxxx /proc entry for the process at cat /proc/22493/cmdline ./modify_argvxxxx ps ax entry for ./modify_argv PID TTY STAT TIME COMMAND 22493 pts/0 S+ 0:00 ./modify_argv xxxx
>for(i=0; i argv[1][i] = ‘x’;
Oh, nice. Spoil and run, don’t grab anything.
[Humbug.in] Modify argv to hide sensitive information like passwords etc http://t.co/QHCqKaye @free_thinker #vietnam #hcmc