Skip to content

Instantly share code, notes, and snippets.

@klingtnet

klingtnet/README.md

Last active August 29, 2020 19:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save klingtnet/01f8ee62ec19d926ac57389d3372314a to your computer and use it in GitHub Desktop.
Save klingtnet/01f8ee62ec19d926ac57389d3372314a to your computer and use it in GitHub Desktop.
Download ZIP
You can not overwrite command line arguments with Go
Raw
README.md

You can not overwrite command line arguments with Go

The code above will not change what is printed when running xargs -0 <\ /proc/<PID>/cmdline. This is likely because os.Args is a slice copy of the actual command line arguments: https://github.com/golang/gofrontend/blob/289d94b9e6303ec74649d1f08d418300f2b4d0fd/libgo/go/runtime/runtime.go#L61 You may ask why anyone want's to do this, e.g. MySQL is overwriting passwords passed from the command line such that they can not be read with the method above, at least not after process initialization is finished:

On some systems, your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrites the command-line password argument with zeros during their initialization sequence.

Conclusion: Use environment variables to pass secrets.

Raw
overwrite.go
package main
import (
"fmt"
"os"
"time"
)
func main() {
pw := os.Args[1]
os.Args[1] = "hidden"
fmt.Println("Running as PID", os.Getpid())
fmt.Printf("A secret: %q\n", pw)
wait := 5 * time.Minute
fmt.Println("Sleeping for", wait)
time.Sleep(wait)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment