Opened 3 hours ago

#11247 new enhancement

Password in command line can see other users

Reported by: rayanayar Owned by:
Priority: normal Component: ffmpeg
Version: unspecified Keywords: password rtsp
Cc: rayanayar Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the "bug":
ffmpeg records video stream from IP-cam.
IP-cam has authentication.

ffmpeg \
  -t 3600 \
  -i rtsp://admin:PASSWORD@192.168.0.100/stream1 \
  -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"

ffmpeg starts from cron script by unprivileged user.
At the same host can be logged interactive users.

The problem is: interactive users can see ffmpeg command line "by ps", thus users can see IP-cam password.

$ ps -f -C ffmpeg
UID        PID  PPID  C STIME TTY          TIME CMD
backup    1506  1423 88 07:47 pts/11   00:00:08 ffmpeg -t 3600 -i rtsp://admin:PASSWORD@192.168.0.100/stream1 ...

This applies not only to RTSP, but also to all protocols with authorization (ftp, http...).

Possible solutions...
ffmpeg get input (-i) from file:

echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt
ffmpeg \
  -t 3600 \
  -f inputasfile -i input.txt \
  -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"

echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt
ffmpeg \
  -t 3600 \
  -i @input.txt \
  -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"

ffmpeg get input from environment var:

INPUT='rtsp://admin:PASSWORD@192.168.0.100/stream1'
ffmpeg \
  -t 3600 \
  -i @INPUT \
  -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"

Change History (0)

Note: See TracTickets for help on using tickets.