PSQL Client command line password leak when using Connection String
Hello,
In Unix, the command line of all users is public and when using a
connection string, sensitive data is passed unencrypted (the password).
I think some Linux/Unix command-line utilities do clear the command line on
initialization to prevent leaking sensitive information that needs to be
passed over the command line.
I have tested the PSQL Client to not be clearing the password from the
command line string when a non-privileged user reviews the process.
To reproduce:
psql "postgresql://postgres:password@localhost:5432/database" -c "SELECT
clock_timestamp(),pg_sleep(200),clock_timestamp()" &
[220068]
ps -f -p 220068
/usr/lib/postgresql/12/bin/psql postgresql://postgres:password@localhost:5432/database
Best regards,
------------------------------
Luis J. Diaz, Web Developer
- Website: <https://www.drconopoima.com>
- GitHub: <https://github.com/drconopoima>
- LinkedIn: <https://www.linkedin.com/in/drconopoima>
On Tue, Feb 8, 2022 at 8:52 AM Luis Díaz <luisjesusdm@gmail.com> wrote:
Hello,
In Unix, the command line of all users is public and when using a
connection string, sensitive data is passed unencrypted (the password).
I think some Linux/Unix command-line utilities do clear the command line
on initialization to prevent leaking sensitive information that needs to be
passed over the command line.
I have tested the PSQL Client to not be clearing the password from the
command line string when a non-privileged user reviews the process.
To reproduce:
psql "postgresql://postgres:password@localhost:5432/database" -c "SELECT
clock_timestamp(),pg_sleep(200),clock_timestamp()" &
[220068]
ps -f -p 220068
/usr/lib/postgresql/12/bin/psql postgresql://postgres:password@localhost:5432/database
This is not a function of PostgreSQL, but one of your operating system. It
is the operating system that shows this information, not PostgreSQL. There is
no way that psql (or other tools) could know if what you pass is sensitive
-- you could just as well have put sensitive data in the query for -c, for
example.
That said, you shouldn't be putting your password on the command line if you
are not in a secure environment. PostgreSQL provides multiple different
ways to pass the password, such as an environment variable or the .pgpass
file.
//Magnus
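The following shell script is an added example for this thread; it is not PostgreSQL code and nothing in it comes from the reporter or from Magnus. It covers both sides of the exchange: the detection loop shows what the report demonstrates with ps (any local user can read every process's argument list, so a URI password in psql's arguments is visible to everyone on the host), and the .pgpass helper shows the alternative Magnus points to. The function names, the sample command line and the placeholder password are constructed; `ps -eo pid=,args=`, the `hostname:port:database:username:password` file format, the 0600 permission requirement and the `\` escaping of `:` and `\` in that file are libpq and ps behaviour as documented.

```shell
#!/bin/sh
# Added example for the psql command-line password thread (not PostgreSQL code).
# Function names and the sample strings below are constructed for illustration.

# Mask the password in "postgresql://user:password@host" URIs found anywhere in
# one command-line string. Prints the masked string; prints the input unchanged
# when no embedded password is present.
redact_uri_password() {
    printf '%s\n' "$1" |
        sed -E 's#(postgres(ql)?://[^:/@[:space:]]+:)[^@[:space:]]*@#\1***@#g'
}

# Exit status 0 when the string carries an embedded URI password, 1 otherwise.
has_uri_password() {
    [ "$(redact_uri_password "$1")" != "$1" ]
}

# Walk every process argument list visible to the current user (ps output is
# world-readable, which is exactly what the report shows) and print the offending
# ones with the password masked, prefixed by PID. This is an audit loop for
# finding exposed credentials on a host, not a fix for the exposure itself.
scan_process_args() {
    ps -eo pid=,args= | while IFS= read -r line; do
        if has_uri_password "$line"; then
            redact_uri_password "$line"
        fi
    done
}

# Append an entry to a file in libpq's ~/.pgpass format
# (hostname:port:database:username:password). libpq ignores the file unless the
# group and world permission bits are clear, so the entry is written under
# umask 077 and the file is forced to 0600 afterwards. ':' and '\' inside the
# password are escaped with '\' as the libpq documentation requires.
# Arguments: $1 file, $2 host, $3 port, $4 database, $5 user, $6 password
write_pgpass_entry() {
    escaped=$(printf '%s' "$6" | sed 's/\\/\\\\/g; s/:/\\:/g')
    ( umask 077; printf '%s:%s:%s:%s:%s\n' "$2" "$3" "$4" "$5" "$escaped" >> "$1" )
    chmod 600 "$1"
}

# Exit status 0 when the file has no group/world bits set (libpq's requirement).
# Parsed from ls output so it works with both GNU and BSD userlands.
pgpass_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the command line from the report with a placeholder password.
sample='psql postgresql://postgres:password@localhost:5432/database -c "SELECT 1"'
redact_uri_password "$sample"
# -> psql postgresql://postgres:***@localhost:5432/database -c "SELECT 1"

# Audit the current host's process list when ps is available.
if command -v ps >/dev/null 2>&1; then
    scan_process_args
fi
```

With an entry written by `write_pgpass_entry`, the password stays out of the argument list: point `PGPASSFILE` at the file (or use the default `~/.pgpass`) and connect with a URI that names only the user, e.g. `psql "postgresql://postgres@localhost:5432/database"`; libpq looks the password up by host, port, database and user and `ps` then shows nothing sensitive.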