Opened 3 hours ago
#11247 new enhancement
Password in command line can see other users
Reported by: | rayanayar | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | ffmpeg |
Version: | unspecified | Keywords: | password rtsp |
Cc: | rayanayar | Blocked By: | |
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the "bug":
ffmpeg records video stream from IP-cam.
IP-cam has authentication.
ffmpeg \ -t 3600 \ -i rtsp://admin:PASSWORD@192.168.0.100/stream1 \ -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
ffmpeg starts from cron script by unprivileged user.
At the same host can be logged interactive users.
The problem is: interactive users can see ffmpeg command line "by ps", thus users can see IP-cam password.
$ ps -f -C ffmpeg UID PID PPID C STIME TTY TIME CMD backup 1506 1423 88 07:47 pts/11 00:00:08 ffmpeg -t 3600 -i rtsp://admin:PASSWORD@192.168.0.100/stream1 ...
This applies not only to RTSP, but also to all protocols with authorization (ftp, http...).
Possible solutions...
ffmpeg get input (-i) from file:
echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt ffmpeg \ -t 3600 \ -f inputasfile -i input.txt \ -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt ffmpeg \ -t 3600 \ -i @input.txt \ -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
ffmpeg get input from environment var:
INPUT='rtsp://admin:PASSWORD@192.168.0.100/stream1' ffmpeg \ -t 3600 \ -i @INPUT \ -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
Note:
See TracTickets
for help on using tickets.