2

What is the best way to pass parameters to a forked script securely? E.g., passing parameters through command line operands is not secure, since someone who has an account on the host can run ps and see them.

Unnamed pipe is quite secure, as far as I understand, isn't it? I mean, passing parameters to STDIN of the forked process.

What about passing parameters in environment vars? Is it secure?

What about passing parameters by other means I didn't mention?

codeholic

1 Answer

2

There might be a better way, but if there is sensitive information I would recommend you put it in a file that nobody else can read. You then pass the file as an argument to the program, and that program can open the file and parse out the information it needs.

If it is really sensitive you can encrypt the file itself, but making a file that only the owner can read is good enough for private ssh keys.

Kyle Brandt
  • Using a file or a named pipe is definitely much worse protection compared to unnamed pipes, as far as I understand. Because if they've got control over the account on behalf of which the process starts, they will be able to read a file or a named pipe, but not an unnamed pipe. And the human factor, by the way. Everyone makes mistakes. Someone will change the script and break `chmod`, that's how it happens. – codeholic Apr 21 '10 at 19:12
  • Maybe more information might help. You could have a *very* carefully written setuid program that gets the information from a file, and only root can read it. Basically that program would escalate to root only to read the file, and then drop back down to regular user privileges. Any encrypted file that requires a password seems like the best bet to me though. – Kyle Brandt Apr 21 '10 at 19:23
  • Depending on use case, you could always take the MySQL model and pass a command instructing the fork()'d script to prompt for the required information. The environment works, but it can be visible under /proc if the user has the correct permissions. Though, I guess that the same applies to a temporary file containing the sensitive information. There are other ways, as well. If you're calling fork() from within a "real language", you can always just read out of memory. – McJeff Apr 21 '10 at 20:08
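
The three hand-off channels discussed in this thread (command-line operands, environment variables, an unnamed pipe on STDIN) can be compared side by side. This is an added example, not code from any of the posts: it assumes Linux procfs, and the child script, `DEMO_SECRET`, `run_child`, `proc_exposes` and `have_procfs` are constructed names.

```python
import hashlib
import os
import subprocess
import sys

# Constructed child "script": takes the secret from argv, the environment or
# stdin, acknowledges with a SHA-256 digest, then stays alive until stdin EOF.
CHILD = r'''
import hashlib, os, sys
secret = (sys.argv[1] if len(sys.argv) > 1
          else os.environ.get("DEMO_SECRET") or sys.stdin.readline().rstrip("\n"))
print(hashlib.sha256(secret.encode()).hexdigest(), flush=True)
sys.stdin.read()
'''

def have_procfs():
    """True when a Linux-style /proc is mounted."""
    return os.path.exists("/proc/self/cmdline")

def proc_exposes(pid, secret):
    """True if the secret is readable from /proc/<pid>/cmdline or environ."""
    for name in ("cmdline", "environ"):
        try:
            with open(f"/proc/{pid}/{name}", "rb") as fh:
                if secret.encode() in fh.read():
                    return True
        except OSError:
            pass  # no procfs, or the file is not readable by this user
    return False

def run_child(secret, via):
    """Start the child and hand it the secret via 'argv', 'env' or 'stdin'.

    Returns (child_received_secret, secret_visible_in_proc)."""
    argv = [sys.executable, "-c", CHILD] + ([secret] if via == "argv" else [])
    env = dict(os.environ, DEMO_SECRET=secret) if via == "env" else None
    with subprocess.Popen(argv, env=env, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE, text=True) as child:
        if via == "stdin":
            child.stdin.write(secret + "\n")  # unnamed pipe: no path, no argv
            child.stdin.flush()
        digest = child.stdout.readline().strip()   # child holds the secret now
        exposed = proc_exposes(child.pid, secret)  # inspect while it is alive
    return digest == hashlib.sha256(secret.encode()).hexdigest(), exposed

if __name__ == "__main__":
    for via in ("argv", "env", "stdin"):
        print(via, run_child("s3cr3t-constructed-value", via))
```

The check runs as the same user as the child, so it sees both files; by default `/proc/<pid>/cmdline` is readable by any local account, while `/proc/<pid>/environ` is readable only by the process owner and root.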