Because of corporate reluctance to rely on "unsupported" products, I have found myself unable to use Oracle's hide.c to conceal passwords and other parameters in UNIX "ps -ef" reports.
I am attaching a script that I wrote in the 1993 version of the Korn shell (source and binaries available at kornshell.com). This 1993 version is bundled in Solaris and HP-UX as /usr/dt/bin/dtksh. The BASH shell used by most Linux versions is slightly incompatible with the syntax of my script (the key is accepting "exec -a").
When deployed properly, this script will conceal sqlplus, exp/expst, imp/impst, sqlldr, and tkprof, as well as the smbclient program which is used to exchange data with NT file/print servers.
Are there any other Oracle utilities that place passwords on the command line which I should add to the script?
p.s. In testing, OpenBSD appears to preserve command lines of arbitrary length, which leads me to believe that this script might not be effective with Oracle on Mac OS X.
#!/usr/dt/bin/dtksh
# cloak.ksh: conceal command line passwords/parameters
#
# To use cloak.ksh,
# 1. Load this script onto the target system and chmod it 755,
# 2. Set softlinks in your path from the name of the vulnerable program with
#    a ".cloak" extension to this script (i.e. cd /usr/local/bin;
#    ln -s cloak.ksh sqlplus.cloak;)
# 3. Set an alias from the vulnerable utility to the soft link (i.e.
#    alias sqlplus=sqlplus.cloak [ksh syntax] or alias sqlplus sqlplus.cloak
#    [csh syntax]). These aliases can be set system-wide in /etc/profile or
#    /etc/csh.login.
#
# After these steps, all future logins that call "sqlplus user/password" should
# display "sqlplus -------..." rather than the password when other users run
# "ps -ef" or "ps aux" - note that the cloak will not take place if sqlplus
# is invoked with the full path (i.e. $ORACLE_HOME/sqlplus user/password).
#
# This script requires new features in ksh93 - bash is not entirely
# compatible.
progname=$(basename "$0" .cloak) # could have space in the pathname
# Explicit list of programs to cloak
case $progname in
    smbclient) runprog=/opt/samba/bin/smbclient ;;
    sqlplus)   runprog=$ORACLE_HOME/bin/sqlplus ;;
    exp)       runprog=$ORACLE_HOME/bin/exp ;;
    expst)     runprog=$ORACLE_HOME/bin/expst ;;
    imp)       runprog=$ORACLE_HOME/bin/imp ;;
    impst)     runprog=$ORACLE_HOME/bin/impst ;;
    sqlldr)    runprog=$ORACLE_HOME/bin/sqlldr ;;
    tkprof)    runprog=$ORACLE_HOME/bin/tkprof ;;
    *)         print "cloak: unknown program $progname"; exit 1 ;;
esac
# Complain about bad-form sqlplus passwords (ignore smbclient and any others)
if [[ $progname = 'sqlplus' ]]
then
    for i in "$@"    # quoted so arguments containing spaces stay intact
    do
        case $i in
        +([!\/])\/*)  # ksh93 pattern: one or more non-slash chars, then a slash
            print "YOU ARE REVEALING A PASSWORD! -> $i"
            # Optional: log the event and notify security (left disabled)
            #echo $(id) $(date) $ORACLE_SID $ORACLE_HOME \
            #    "$i" | tee -a /some/log \
            #    | mailx -s "open password!" security_at_acme.com
            ;;
        esac
    done
fi
# From D Beusee's hide.c:
# This program works by padding 3000 '-' chars in argv[0]. This fools all known
# ps's. This will reduce the argument capacity of your program by 3000 chars.
# There is some performance penalty for using this program.
cloak=$(printf "$progname %.3000c" -)
# exec -a replaces argv[0] with the padded name before running the real program
exec -a "$cloak" "$runprog" "$@"
--
Charles J. Fisher     | Enlightenment: the realization that your 100
cfisher_at_rhadmin.org | line Perl script can be reimplemented as a 5
http://rhadmin.org    | line shell script.

Received on Tue Mar 16 2004 - 09:08:12 CST
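An added example, not part of the original post and not cloak.ksh itself: a POSIX sh audit script that reads a "ps -eo pid,user,args" style listing and reports every sqlplus/exp/imp/sqlldr/tkprof invocation that still carries a user/password argument, printing it with the password masked. It applies the same "non-slash characters, then a slash" token test that cloak.ksh uses for its warning, so an administrator can confirm the aliases are actually in effect on a host. The ps listing, the function names and the masking format are constructed for this example; the cloaked "sqlplus ----" form and smbclient's bare-password form are deliberately not flagged, matching what cloak.ksh checks.

```shell
#!/bin/sh
# ps_cred_audit.sh - added example (not from the original post or cloak.ksh).
# Audits a "ps -eo pid,user,args" listing for user/password arguments and
# prints each finding as "PID USER PROG MASKED-TOKEN". The listing below is
# constructed sample data so the script runs offline; a live audit would
# pipe real ps output into scan_ps_lines instead.

SAMPLE_PS='  PID USER     COMMAND
  101 oracle   sqlplus scott/tiger@orcl
  102 oracle   sqlplus /nolog
  103 oracle   /u01/app/oracle/bin/exp userid=scott/tiger file=/tmp/scott.dmp
  104 root     /usr/sbin/sshd -D
  105 oracle   sqlplus -------------------------------
  106 smb      smbclient //ntsrv/share secret -U admin
  107 oracle   sqlldr control=/tmp/load.ctl scott/tiger'

# mask_credential USER/PASSWORD[@CONNECT] -> USER/******[@CONNECT]
# Also handles the keyword form used by exp/imp/sqlldr: userid=USER/PASSWORD
mask_credential() {
    user=${1%%/*}          # text before the first slash (may be "userid=scott")
    rest=${1#*/}           # password, possibly followed by @connect_string
    case $rest in
        *@*) printf '%s/******@%s\n' "$user" "${rest#*@}" ;;
        *)   printf '%s/******\n' "$user" ;;
    esac
}

# scan_ps_lines: reads ps output on stdin, prints one line per exposed
# credential, and (like grep) returns 0 if anything was found, 1 otherwise.
scan_ps_lines() {
    hits=0
    while read -r pid user args; do
        set -f                 # no globbing while word-splitting the command line
        set -- $args
        set +f
        [ $# -gt 0 ] || continue
        prog=${1##*/}          # basename of argv[0]; a cloaked "sqlplus ---" still reads sqlplus
        case $prog in
            sqlplus|exp|expst|imp|impst|sqlldr|tkprof) ;;   # utilities that take user/password
            *) continue ;;                                 # smbclient's bare password is not this form
        esac
        shift
        for tok in "$@"; do
            case $tok in
                /*|-*|@*|*=/*) ;;      # paths, options, @script and keyword=path are not credentials
                *[!/]*/*)              # something, then a slash: the user/password shape
                    hits=$((hits + 1))
                    printf '%s %s %s %s\n' "$pid" "$user" "$prog" "$(mask_credential "$tok")"
                    ;;
            esac
        done
    done
    [ "$hits" -gt 0 ]
}

# Demo against the constructed listing. For a live audit replace the printf with:
#   ps -eo pid,user,args | scan_ps_lines
if printf '%s\n' "$SAMPLE_PS" | scan_ps_lines; then
    echo "exposed credentials found (listed above)"
else
    echo "no exposed credentials"
fi
```

Run it from cron or a login check and alert on a zero exit status; the masked output is safe to log, which the raw ps line is not.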