[SERVER-52537] Mongostat,mongotop and other similar mongo commands are showing password in plain text on linux ps commands Created: 21/Oct/20 Updated: 06/Nov/20 Resolved: 05/Nov/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Azhar Yousuf | Assignee: | Eric Sedor |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Hi Team, We are running a few mongo commands using a script, and during the execution of those commands the passwords provided in the -p option are coming up in plain text when checked using ps commands on Linux, where the ps command is used to list the background processes running on Linux systems. If I am not wrong, when mongo commands are checked on ps the -p parameter should censor the passwords as xxxx. However, in our case it is not working for mongostat, mongotop and a few other mongo commands, and they are as follows:

$ ps -ef | grep mongostat
----------------------------
$ ps -ef | grep mongotop
------------------------------
myuser 7232 7108 1 06:13 ? 00:00:00 /usr/bin/mongotop --quiet -u readonly -p mypassword@123 --authenticationDatabase admin -h host:27720 -n 1
$ while true; do ps -ef | grep mongo | grep authenticationDatabase | grep -v mongostat | grep -v mongotop;done

Mongo version used on our environment
[root@vm01 ~]# mongo --version
[root@vm01~]# rpm -qa | grep mongo

Kindly help us in hiding the information on ps commands given the fact mongo already has an option to hide these values

Thanks and Regards, Azhar

Kindly help us on how to avoid hiding the passwords in ps given the fact it is already available in mongo |
| Comments |
| Comment by Azhar Yousuf [ 06/Nov/20 ] |
|
Hi Eric, thanks for your response. Yes, I will follow the ticket and hopefully it's getting fixed in the next release

password="mypassword"

I can use this $mongostat variable anywhere and it is working, and in the ps output I don't see the -P option or password being echoed. So for now will stick with this

myuser 9670 1866 4 05:07 ? 00:00:00 /usr/bin/mongostat --quiet -u readonly --authenticationDatabase admin -o host,insert,query,update,delete,set,repl -h vm01:27717 -n 1 |
| Comment by Eric Sedor [ 05/Nov/20 ] |
|
Hi rizwiazhar@gmail.com, this is work we want to do and it is being tracked in |
| Comment by Massimiliano Marcon [ 02/Nov/20 ] |
|
Moved this to the SERVER project (was initially opened in the MONGOSH project). $mongosh already hides the command line arguments to prevent this issue. |
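
An added example, not part of the original ticket or of MongoDB's code: a small audit that reads `ps -ef` output and reports MongoDB client tools started with a password value on the command line, without echoing the password itself. The function names and the last two sample lines are constructed for illustration; the first two sample lines are the `ps` lines quoted in this ticket. It assumes a password value does not begin with `-`.

```shell
#!/bin/sh
# Audit `ps -ef` output for mongo* tools whose password is visible in argv.
# Prints "PID TOOL FLAG" per finding; the password value is never printed.
find_exposed_passwords() {
    awk '
    {
        n = split($8, path, "/"); tool = path[n]   # $8 is CMD in ps -ef
        if (tool !~ /^mongo/) next                 # mongo, mongostat, mongotop, ...
        for (i = 9; i <= NF; i++) {
            flag = ""
            if ($i == "-p" || $i == "--password") {
                # A value in the next argument is exposed. A bare flag
                # (last argument, or followed by another option) means the
                # tool prompts for the password, so nothing leaks.
                if (i < NF && $(i + 1) !~ /^-/) flag = $i
            } else if ($i ~ /^--password=./) {
                flag = "--password="
            } else if ($i ~ /^-p./) {
                flag = "-p"                        # attached form: -pVALUE
            }
            if (flag != "") { print $2, tool, flag; break }
        }
    }'
}

# Sample input: lines 1-2 are the ps lines quoted in the ticket,
# lines 3-4 are constructed to cover --password=VALUE and a bare -p.
sample_ps_lines() {
    cat <<'EOF'
myuser 7232 7108 1 06:13 ? 00:00:00 /usr/bin/mongotop --quiet -u readonly -p mypassword@123 --authenticationDatabase admin -h host:27720 -n 1
myuser 9670 1866 4 05:07 ? 00:00:00 /usr/bin/mongostat --quiet -u readonly --authenticationDatabase admin -o host,insert,query,update,delete,set,repl -h vm01:27717 -n 1
myuser 9701 1866 0 05:08 ? 00:00:00 /usr/bin/mongostat -u readonly --password=example --authenticationDatabase admin
myuser 9702 1866 0 05:09 pts/0 00:00:00 /usr/bin/mongotop -u readonly -p --authenticationDatabase admin
EOF
}

# Against a live system, replace sample_ps_lines with: ps -ef
sample_ps_lines | find_exposed_passwords
```

Because `ps` only samples the process table at one instant, a short-lived tool invocation can be missed; run the audit repeatedly or pair it with process-creation logging if that matters.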