Mask user credentials in ps output of pbm-agent
Activity

Jira Bot July 30, 2021 at 10:56 AM
Hi, I'm jira-bot, Percona's Jira automation tool. I've detected that someone from
Percona has made an edit to the Summary field of an issue that you reported.
I'm not sentient (yet) so I'm not sure whether the person fixed a typo, changed
a few words, or completely rewrote the text. In any case, it is Percona Engineering's
intention to make the Summary and Description of an issue as accurate as possible
so that we're fixing the actual problem you're encountering, and to avoid
misunderstandings about symptoms and causes.
If the current Summary does not accurately reflect the problem you are reporting,
or if you feel the change was otherwise inappropriate in some way, please add a
new comment explaining things and we'll address it as soon as we can.
This message will be added only once per issue, regardless of how many times
the Summary is edited.
message-code:summary-edited

Akira Kurogane February 17, 2020 at 1:21 PM
Note: if/when we apply this feature we can consider reverting . Just a thought; I'm not strongly for or against it.

Akira Kurogane January 15, 2020 at 1:01 AM (Edited)
Hi Jericho!
For readers at the moment (with PBM v<= v1.1):
"ps -o args" prints what is in /proc/<pid>/cmdline.
A programmatic fix to redact the username and password from a commandline --mongodb-uri argument is to do the following after start:
1. Read the whole cmdline string from /proc/self/cmdline.
2. Check for the presence of a "--mongodb-uri[=|\s+]\S+" match in that cmdline string. Exit if none.
3. Parse the URI string using url.Parse(). Exit if the UserInfo parts are empty.
4. Redact the UserInfo part. (TBD: Just the password or both the username and password.)
5. If we can assume redacted URI length is <= original URI then overwrite existing memory:
   - Something like: memset(*argv, 0, strlen(*argv)); (done somehow in golang)
6. If we can't assume redacted URI is <= original URI length then make a new cmdline:
   - Put the entire cmdline string with the redacted --mongodb-uri somewhere else in the stack memory
   - Use the prctl(2) syscall with PR_SET_MM_ARG_START+PR_SET_MM_ARG_END (done somehow in golang)
See https://unix.stackexchange.com/questions/302948/change-proc-pid-environ-after-process-start for ways to do it in C, on Linux. The question asks how to overwrite environ, but the answers apply to cmdline as well.
See https://stackoverflow.com/questions/14926020/setting-process-name-as-seen-by-ps-in-go for ways to do it in Go.
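
The steps in the comment above, up to the choice between overwriting argv in place and building a new cmdline, as an added Go example that is not part of the original comment and not PBM's code. The names redactURI and redactArgs are hypothetical, and masking only the password (via the standard library's url.URL.Redacted, which substitutes "xxxxx") is one assumed answer to the TBD in step 4.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

const uriFlag = "--mongodb-uri"

// Added example (not PBM code). redactURI masks the password as "xxxxx"
// via url.URL.Redacted and reports whether a password was present.
func redactURI(raw string) (string, bool) {
	u, err := url.Parse(raw)
	if err != nil || u.User == nil {
		return raw, false
	}
	_, has := u.User.Password()
	return u.Redacted(), has
}

// redactArgs (hypothetical helper) returns a masked copy of args. fits is true
// when no argument grew, so argv could be overwritten in place (else prctl).
func redactArgs(args []string) (out []string, changed, fits bool) {
	out, fits = append([]string(nil), args...), true
	for i, a := range args {
		idx, prefix := i, uriFlag+"="
		if a == uriFlag && i+1 < len(args) {
			idx, prefix = i+1, "" // "--mongodb-uri URI" form
		} else if !strings.HasPrefix(a, prefix) {
			continue
		}
		if red, ok := redactURI(strings.TrimPrefix(args[idx], prefix)); ok {
			out[idx] = prefix + red
			changed = true
			fits = fits && len(out[idx]) <= len(args[idx])
		}
	}
	return out, changed, fits
}

func main() {
	raw, err := os.ReadFile("/proc/self/cmdline") // NUL-separated argv (Linux)
	if err != nil {
		panic(err)
	}
	args := strings.Split(strings.TrimRight(string(raw), "\x00"), "\x00")
	fmt.Println(redactArgs(args))
}
```

A password shorter than five characters makes the redacted URI longer than the original, which is the case where fits is false and the in-place overwrite from step 5 cannot be used.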