22

If I invoke a command with arguments like so:

bob@bob-pc:~$ command -arg1 -arg2

...can other users view the arguments passed to the command?

bahamat
Nathan Osman

3 Answers

16

In general, command line arguments are visible to all. For example, as a non-root user on OpenBSD, I can see arguments of processes running as root:

$ ps -U root -o command= |grep getty |head -n 1
/usr/libexec/getty std.9600 ttyC0

On Linux, you'll notice that all /proc/*/cmdline files are world-readable.

There may be highly specific settings in which command line arguments remain private. For example, SELinux and Solaris can altogether hide processes from other users. But unless you absolutely know you're in such a setting, assume command line arguments are public.

14

In general yes, they can see it. This is from the w man page:

The following entries are displayed for each user: login name, the tty name, the remote host, login time, idle time, JCPU, PCPU, and the command line of their current process.

The complete command line of your currently running process will be displayed. That's why you do not want to supply things like passwords through command line arguments.

  • There's no way to disable that? – Nathan Osman Feb 25 '11 at 23:35
  • 3
    @George There is, because rdesktop does it somehow (the password argument turns into XXXXXXXX); I'd love to know how. It might do something lame like just forking itself and passing a fake argument; I'm not sure – Michael Mrozek Feb 25 '11 at 23:39
  • 13
    On Linux, a process can overwrite the argument array passed to it. This is then reflected in the process tree visible by other users. However, there's still always a time when they are exposed, and may be vulnerable to race conditions and timing attacks. – mattdm Feb 26 '11 at 00:06
8

On standard setups the arguments are visible. As already mentioned, processes can overwrite them in memory but not before other processes have had a chance to see them.

However, the grsecurity patchset includes a patch which changes it so only the process owner (and root) can see the arguments passed to a process.
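
The /proc/*/cmdline exposure and the advice against passing passwords as arguments, shown as an added example that is not part of the original answers: it starts a child process twice, once with a secret in argv and once with the secret sent over stdin, and reads back what /proc reports each time. It assumes Linux with /proc mounted; the secret value, the `--password=` option and the helper names are constructed for illustration.

```python
import subprocess
import sys

# Constructed sample secret, used only for this demonstration.
SECRET = "constructed-example-passphrase"
# Child that blocks until its stdin is closed, so it stays alive while inspected.
CHILD = [sys.executable, "-c", "import sys; sys.stdin.read()"]


def read_cmdline(pid):
    """Return the argument list of `pid` as Linux exposes it under /proc."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        raw = f.read()
    # Arguments are NUL-separated, with a trailing NUL after the last one.
    return [a.decode(errors="replace") for a in raw.split(b"\0")[:-1]]


def observe(extra_args, stdin_data):
    """Start the child, then report the argv that /proc shows for it."""
    proc = subprocess.Popen(CHILD + extra_args, stdin=subprocess.PIPE)
    try:
        proc.stdin.write(stdin_data)
        proc.stdin.flush()
        return read_cmdline(proc.pid)
    finally:
        proc.stdin.close()  # EOF lets the child exit
        proc.wait()


def secret_in_argv():
    # Weak: the secret is part of argv, so it lands in /proc/<pid>/cmdline.
    return observe(["--password=" + SECRET], b"")


def secret_on_stdin():
    # Better: the secret travels over a pipe and never appears in argv.
    return observe([], SECRET.encode() + b"\n")


if __name__ == "__main__":
    print("argv :", secret_in_argv())
    print("stdin:", secret_on_stdin())
```

The read here targets the script's own child, but the cmdline file it opens is the same world-readable file the first answer describes.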