Details
- Bug
- Resolution: Unresolved
- Minor - P4
- None
- None
- None
- Windows
- Server Security
- ALL
Description
The `censorArgvArray` function, `censorArgvArray(int argc, char** argv);`, is meant to overwrite argv to hide command-line secrets from `ps` or `/proc` traversal.
But on Windows, the argv we give is not the real argvW. It's a copy, so modifying it has no effect.
Windows processes have a special undocumented PEB block that may need to be modified to do the censoring properly.
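The copy problem described above, modelled in portable C as an added example (not the project's code). `censor_args` and the `--password` flag are hypothetical, and `copy_args` stands in for the argv copy the description says the program receives on Windows; censoring that copy leaves the original strings, the ones an observer would read, unchanged.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical censor routine: blanks the value of "--password=V" and
 * "--password V" in place. The flag name is an assumption. */
static void censor_args(int argc, char **argv) {
    static const char flag[] = "--password";
    const size_t n = sizeof flag - 1;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], flag, n) != 0) continue;
        if (argv[i][n] == '=')
            memset(argv[i] + n + 1, 'x', strlen(argv[i] + n + 1));
        else if (argv[i][n] == '\0' && ++i < argc)
            memset(argv[i], 'x', strlen(argv[i]));
    }
}

/* Models the copied argv: new strings that do not alias the originals. */
static char **copy_args(int argc, char **argv) {
    char **copy = calloc((size_t)argc + 1, sizeof *copy);
    if (!copy) abort();
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]) + 1;
        if (!(copy[i] = malloc(len))) abort();
        memcpy(copy[i], argv[i], len);
    }
    return copy;
}

/* Censors either the original strings or a copy of them, then reports whether
 * the secret is still readable in the originals (constructed sample input). */
static int secret_visible_after_censor(int use_copy) {
    char a0[] = "server", a1[] = "--password=hunter2", a2[] = "--password", a3[] = "hunter2";
    char *original[] = { a0, a1, a2, a3, NULL };
    char **argv = use_copy ? copy_args(4, original) : original;
    censor_args(4, argv);
    int visible = 0;
    for (int i = 0; i < 4; i++)
        if (strstr(original[i], "hunter2")) visible = 1;
    if (use_copy) { for (int i = 0; i < 4; i++) free(argv[i]); free(argv); }
    return visible;
}

int main(void) {
    printf("in place: %d, copy: %d\n", secret_visible_after_censor(0), secret_visible_after_censor(1));
    return 0;
}
```

A regression check for a fix would follow the same shape: censor, then inspect the memory an outside observer reads rather than the array the routine was handed.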