Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Possible security issue with the use of 'ps' System
The ps command in UNIX returns a list of all of the commands that are currently running, as well as some information about them. Strangely, the command executes as root. This allows anyone connected to your machine via SSH see anything you are doing in the Terminal. For example, if I run ps -wao "user command" right now, it returns:
  USER  COMMAND
  root  login -pf ryang
  ryang -tcsh (tcsh)
  ryang ftp ftp://user:pass@127.0.0.1
  root  login -pf ryang
  ryang -tcsh (tcsh)
  root  ps -wao user command
As you can see, it returns information about an FTP connection, including the username and password I used with it.

[robg adds: I believe ps needs to run as root to find information on all processes. I think what this hint really reveals is that you shouldn't use the command line to input your username and password to the ftp program! Instead, create a file called .netrc in your home directory, and store your machine names, user names, and passwords there instead (make sure the file isn't readable by others by typing chmod go-r .netrc). Read more about .netrc files in the man ftp pages.]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[3,919 views]  

Possible security issue with the use of 'ps' | 13 comments | Create New Account
Click here to return to the 'Possible security issue with the use of 'ps'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Possible security issue with the use of 'ps'
Authored by: adashiel on Apr 21, '03 10:50:30AM

I know it's been said before, but security is a pretty relative thing if you're using FTP. Unless you've got an SSL-encrypted or Kerberized connection, which is pretty rare in straight FTP, your password is going out on the network in the clear anyway. Particularly if you're the only user on your machine, that should concern you a lot more than your password showing up in the process list.

I don't know if I'd recommend using a netrc file, either. While a process listing is relatively ephemeral, the netrc is a permanent fixture. It's so easy to accidentally set the wrong permissions on it, and if your machine gets rooted, you've just provided an attacker access to every host you've saved your password for.



[ Reply to This | # ]
Possible security issue with the use of 'ps'
Authored by: aaronfaby on Apr 21, '03 11:01:53AM

The solution is simple. Just don't use FTP. Use sftp or scp
instead. Most FTP clients seem to support sftp nowadays,
so client compatibility shouldn't be an issue.



[ Reply to This | # ]
Possible security issue with the use of 'ps'
Authored by: Hivelogic on Apr 21, '03 11:10:31AM

I can't believe that people actually specify FTP options on
the command-line with FTP.

Just type ftp someserver.com and you'll be prompted for
the username and password.

Who would do this on the command line in this fashion?

Unbelieveable.



[ Reply to This | # ]
Hmm...
Authored by: robg on Apr 21, '03 11:20:40AM

When I use "ftp someserver," it seems to default to "anon" and "email@host" as the username/pass. On my server, where anon is disabled, I can't connect without using a .netrc or specifying it on the command line (which I never do). So i just use a graphical client instead ;-)

-rob.



[ Reply to This | # ]
Hmm...
Authored by: Eravau on Apr 21, '03 11:55:57AM
Well, you could just type: ftp

You'll then be in the ftp application and get the ftp> prompt. At the prompt, type: open -u username server.domain.com

It'll then log on under your username and request your password.

[ Reply to This | # ]

Hmm...
Authored by: Eravau on Apr 21, '03 11:56:57AM
Well, you could just type: ftp

You'll then be in the ftp application and get the ftp> prompt. At the prompt, type: open -u username server.domain.com

It'll then log on under your username and request your password.

[ Reply to This | # ]

Hmm...
Authored by: Lizard_King on Apr 21, '03 12:08:11PM

another idea to try out would be to simply run ftp from the command line without any specific parameters. Once you see the "ftp>" prompt, you can connect to machines via the command: "open someserver.com"



[ Reply to This | # ]
Hmm - use 'ftp someuser@yourdomain.com'
Authored by: Krioni on Apr 22, '03 12:36:14AM
If you want to login as a specific user just do this:

ftp someuser@somedomain.com

You'll be asked for someuser's password, rather than trying to login as your local account name. No need to specifiy the user and password - user by itself is fine. It will ask for what you leave out.

[ Reply to This | # ]

Possible security issue with the use of 'ps'
Authored by: sharumpe on Apr 21, '03 11:46:47AM

There are plenty of reasons why you would want to specify credentials in a non-interactive fashion. If you want to automate the up/downloading of files, you certainly don't want to have to enter things by hand.

Some programs that run on the command line will allow you to specify a file to grab credentials from (smbclient is an example of this). Some do not. A little bit of Perl can get around this, but it's not trivial if you don't know Perl (and I'm sure there are other solutions). Check the man pages (man command) to see if the command you're using supports something like this.

In general, if you have multiple users on your machine, you should avoid any command-line that includes your username and (especially) your password in clear text. If you are the only user, it's not a big deal.

Mr. Sharumpe



[ Reply to This | # ]
Possible security issue with the use of 'ps'
Authored by: thrig on Apr 21, '03 01:58:14PM

Not sure why Apple is setting the suid bit on /bin/ps, though it can be removed via:

$ sudo chmod u-s /bin/ps

On related unix systems, FreeBSD has no suid bits on the ps binary, while OpenBSD has the sgid bit set for the kmem group.



[ Reply to This | # ]
Possible security issue with the use of 'ps'
Authored by: jafager on Apr 21, '03 03:10:10PM

I would recommend against this unless you really know what
you're doing. Even if you never use the command line, you
could end up breaking graphical applications (or critical parts of
the operating system) if you hose /bin/ps.

It wouldn't surprise me at all to find that the Darwin /bin/ps is
significantly different from the FreeBSD version; the process
table is pretty proprietary stuff.

jafager



[ Reply to This | # ]
The issue is not PS
Authored by: ajmas on Apr 21, '03 08:19:10PM

This is why you should not ever specify a password as parameter to a program. Heck, if you are typing it as a parameter, then it is already clear text to the person looking over your shoulder.

PS shows information on all processes, with the right options. For this reason you should either simply type the username, which in many cases prompts for the password, or what other way there is to specify the password, without typing it as a parameter.



[ Reply to This | # ]
Password and pppd
Authored by: calroth on Apr 23, '03 06:53:59AM

It used to be the case that when you dialed in to the Internet, your password was visible in plain-text because it was sent to pppd that way. It's what Internet Connect.app did. Didn't make me feel great.

It was fixed in Mac OS X 10.2, from memory. Anyone who uses a previous version, beware.



[ Reply to This | # ]