#31 Hide password from process list

open
nobody
None
5
2010-10-04
2010-10-04
GummiBear
No

Currently, the password is shown to anyone who can view the process list, e.g.

joe@dev:/home/joe# ps aux | grep 7z
root 24586 0.0 0.0 52796 1000 pts/1 S 18:20 0:00 /bin/sh /usr/local/bin/7za a -t7z -sihome.tar -psecret /var/backup/2010-10-04-dev-home-backup.tar.7z
root 24590 142 2.4 231512 197048 pts/1 Rl 18:20 20:18 /usr/local/lib/p7zip/7za a -t7z -sihome.tar -psecret /var/backup/2010-10-04-dev-home-backup.tar.7z

Would be great if there was a way to hide the password.

I've tried pipes and <<, but they don't seem to work, so I'm guessing the password isn't read from stdin.

I don't know how porting works, but I'm imagining sort of wrapper to supply a file name on the command line might also work (like --password-file=~/.7zpassword or something like that).

Discussion

  • dbpalan
    dbpalan
    2012-06-04

    I am seeking for this solution and finally google to here. This feature definitely help. I switched my encryption script from gpg to p7z due to the portability between linux and windows. While found that I can't manage the security issue due to lack of password file feature in p7z (while gpg has this feature).

    Hope can see this feature in next version!

     
  • my p7zip
    my p7zip
    2012-07-10

    If your archive is launched by hand :
    7za a -t7z -sihome.tar -p /var/backup/2010-10-04-dev-home-backup.tar.7z

    will ask for the password.

    so "ps aux" will not show your password

     
  • Sworddragon
    Sworddragon
    2012-09-30

    This will work in most cases but for example not in cronjobs that shall run in the background. In this case a password must be given and it would be useful if p7zip could read it from a file.

     
  • wnefal
    wnefal
    2013-01-28

    I tried

    $ echo "password" | 7za x bla.zip
    $ 7za x bla.zip <<HERE
    password
    HERE

    Both does not work as GummiBear stated.
    It makes it essentially unscriptable.