Re: [go-nuts] How to hide command line argument from ps

2016-06-22 Thread Sean Russell 
On Tuesday, June 21, 2016 at 9:56:21 PM UTC-4, Lazytiger wrote:
> Thanks for all the replies. I agree that there is a better way to do the 
> security jobs. I ask this question just for curiosity, to find out if there 
> is a equivalence way to do this in golang. From all the replies I assume 
> there is a no.

Environment variables. github.com/namsral/flag implements a flags library that 
will populate flags from either command line args or environment variables at 
run time, and is a drop-in replacement for the standard flag library.

--- SER

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [go-nuts] How to hide command line argument from ps

2016-06-21 Thread Hoping White 
Thanks for all the replies. I agree that there is a better way to do the 
security jobs. I ask this question just for curiosity, to find out if there is 
a equivalence way to do this in golang. From all the replies I assume there is 
a no.

> 在 2016年6月21日,下午10:39,Matt Harden  写道:
> 
> It's generally a bad idea to try to improve security by hiding args. Much 
> better to pass the argument another way, for instance via an open file 
> descriptor that the program reads the value from.
> 
> 
> On Tue, Jun 21, 2016, 07:16 Hoping White  > wrote:
> Hi, all
> 
>I wonder is there a way to hide command line arguments from programs like 
> “ps”? I can rewrite argv parameter for main in c language, or use LD_PRELOAD 
> to intercept libc_start_main, but all these methods do not be functional in 
> go. Thanks.
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to golang-nuts+unsubscr...@googlegroups.com 
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [go-nuts] How to hide command line argument from ps

2016-06-21 Thread Matt Harden 
It's generally a bad idea to try to improve security by hiding args. Much
better to pass the argument another way, for instance via an open file
descriptor that the program reads the value from.

On Tue, Jun 21, 2016, 07:16 Hoping White  wrote:

> Hi, all
>
>I wonder is there a way to hide command line arguments from programs
> like “ps”? I can rewrite argv parameter for main in c language, or use
> LD_PRELOAD to intercept libc_start_main, but all these methods do not be
> functional in go. Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [go-nuts] How to hide command line argument from ps

2016-06-21 Thread Konstantin Khomoutov 
On Tue, 21 Jun 2016 22:16:38 +0800
Hoping White  wrote:

> I wonder is there a way to hide command line arguments from
> programs like “ps”? I can rewrite argv parameter for main in c
> language, or use LD_PRELOAD to intercept libc_start_main, but all
> these methods do not be functional in go. Thanks. 

What problem are you trying to solve?

It smells like you're passing some security-sensitive data to your
program.  If yes, do not do that: pass it via stdin via any protocol
agreed-upon by both parties (a single LF-terminated UTF-8-encoded string
could be OK).  If you need to use stdin to pass some other data, create
a socket pair (man 2 socketpair) in your host program, mark its read
end as exported on fork (or, alternatively, mark its write end as not
exported on fork -- this really depends on what language/runtime the
host is written in) -- to make the read end's file descriptor inherited
by your Go process, and pass the number of that file descriptor on the
command-line to the Go process.  It will then convert it to a proper
socket value and read your security-sensitive data from there.  (That's
what GPG does, for instance).  If you need more details, ask away.

Otherwise, try looking at prctl(2) and its PR_SET_NAME.
Not sure if it works on all POSIX kernels as this call is not defined
by POSIX.

In any case, I should stress that any attempt of re-writing
command-line options as seen by `ps` for security is solving the problem
asswards.

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[go-nuts] How to hide command line argument from ps

2016-06-21 Thread Hoping White 
Hi, all

   I wonder is there a way to hide command line arguments from programs like 
“ps”? I can rewrite argv parameter for main in c language, or use LD_PRELOAD to 
intercept libc_start_main, but all these methods do not be functional in go. 
Thanks. 

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.