Clear sys.argv in python

About

Asked 16/1, 2017 at 2:24 Answered 17/7, 2020 at 13:56

When user specify a password in MySQL cli, aka -pXXXXXX, the password parameter is replaced to -p****** in argv array.

So when someone check the process list with ps, they can't see the password.

How can I do the same in Python? This doesn't work obviously

for arg in sys.argv[1:]:
    arg = ""

Corticate answered 16/1, 2017 at 2:24 Comment(2)

Have you tried sys.argv = []. Also del sys.argv[1] (or whatever the index of the argument should be), which might just delete the one item? – Chisolm 16/1, 2017 at 2:35

@Chisolm It's more like to override the memory that argv points to – Corticate 16/1, 2017 at 4:44

sys.argv = [sys.argv[0]]

works and is more efficient and elegant than deleting all but the first element. I can't confirm this would overwrite or erase previous value of sys.argv in memory though.

Penang answered 10/2, 2018 at 1:7 Comment(2)

@lilydjwg What version of python are you using? Should be fine in 2.7 or 3.6. I tested in each and it worked. gist.github.com/jtara1/900a580b362ea1c8b3b7019695e04519 – Penang 12/8, 2020 at 23:50

It doesn't change what you see from outside in top / ps / etc. If you pass a password in an argument, it will be visible to other users on the same system (as long as they can see your process). – Keeler 13/8, 2020 at 10:54

You can make a wrapper that accepts a password and other arguments. It will then spawn a child, pass it the password in the way that's not visible in command line, eg. with multiprocessing, and kill itself. For killing processes while keeping their children alive look here.

Landlubber answered 16/1, 2017 at 4:22 Comment(0)

I didn't find a way so I turn to environment variables for tokens (and unset it once acquired to prevent leaking to child processes).

Keeler answered 17/7, 2020 at 13:56 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags