Which multi-user operating systems allow a user to see the current command line of other users?
I was reading the manpage of unzip
, and ran into the following
-P password
use password to decrypt encrypted zipfile entries (if any). THIS
IS INSECURE! Many multi-user operating systems provide ways for
any user to see the current command line of any other user; even on
stand-alone systems there is always the threat of over-the-shoulder
peeking.
While the security precaution of not typing passwords in clear text (and having them end up in shell history) is of course true, I find it hard to believe that there are operating systems out there where any user can see the command line of any other user. Could someone give me an example (legacy systems included)?
I believe ps
, top
, etc. are the answer for UNIX.
My guess would be that on Unix/Linux systems using lsof
might potentially expose user interaction. The logic being that lsof
shows a list of open files on the system. And perhaps if one is unzipping a huge file then it would still be open for long enough for someone to notice and then peek at activity. Heck, it would be fairly trivial to write a Bash script and run it every minute or so via a cron job to collect an ongoing log of open file activity.
But that still rings false to me. I mean lsof
does potentially expose something like inline MySQL passwords this way. But I am not 100% as to whether a normal user without sudo
/root rights would be able to see lsof
activity from other users like that.
Unix allows "ps". Also, Unix commonly has a "w" command that will show what users are running. "w" might commonly chop off commands based on terminal size, but that can be overridden. (One easy way may be to just use a wider terminal.)
This will probably also affect multiple Unix-like systems (Linux, BSD systems, Solaris, etc.)
I believe that Microsoft Windows would also show this in the Task Manager. Well, maybe that is less common with Windows Vista and User Account Control, as User Account Control may be needed. But back in the days on WinXP/Server2003 and earlier, such restrictions may have been more lax. There's a reason why NET USE started supporting an asterisk and then prompting the user for a password. With:
WMIC /NODE:ComputerName PROCESS LIST
a user probably doesn't even need to be on the same computer to see a command that is run. Offhand, I'd suspect that multiple of TaskList, TList, and PSList (all distributed freely by Microsoft) probably also support the ability to see what is happening, regardless of what user is running. At least, users with Administrator privileges, which was more common on pre-Vista operating systems. (In Win9x, the general standard was that all users had Administrator-like abilities.) Keep in mind that Info-Zip, which is the documentation you're quoting, is quite a bit older than WinXP. Offhand I think it's older than Win95.
With older multi-user systems, secrecy was not as big of a concern. Being able to see what the computer is doing, including what commands other users were running, was probably viewed as a positive feature, not a negative breach in security. Perhaps a more applicable question is: Is there any major multi-user OS that did not support users being able to see what commands are run on the computer?
The safer approach is to never put sensitive passwords on a command line. Another option may be to put passwords in a file, and then specify that file on the command line. e.g.:
type pwfile | command
At least that way, permissions based on the filesystem implementation will likely offer some protection.