[FFmpeg-trac] #11247(ffmpeg:new): Password in command line can see other users

Wed, 16 Oct 2024 04:01:20 -0700 

#11247: Password in command line can see other users
-------------------------------------+-------------------------------------
             Reporter:  rayanayar    |                     Type:
                                     |  enhancement
               Status:  new          |                 Priority:  normal
            Component:  ffmpeg       |                  Version:
             Keywords:  password     |  unspecified
  rtsp                               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the "bug":
 ffmpeg records video stream from IP-cam.
 IP-cam has authentication.
 {{{
 ffmpeg \
   -t 3600 \
   -i rtsp://admin:PASSWORD@192.168.0.100/stream1 \
   -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
 }}}
 ffmpeg starts from cron script by unprivileged user.
 At the same host can be logged interactive users.

 The problem is: interactive users can see ffmpeg command line "by ps",
 thus users can see IP-cam password.
 {{{
 $ ps -f -C ffmpeg
 UID        PID  PPID  C STIME TTY          TIME CMD
 backup    1506  1423 88 07:47 pts/11   00:00:08 ffmpeg -t 3600 -i
 rtsp://admin:PASSWORD@192.168.0.100/stream1 ...
 }}}

 This applies not only to RTSP, but also to all protocols with
 authorization (ftp, http...).

 Possible solutions...
 ffmpeg get input (-i) from file:
 {{{
 echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt
 ffmpeg \
   -t 3600 \
   -f inputasfile -i input.txt \
   -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
 }}}
 {{{
 echo 'rtsp://admin:PASSWORD@192.168.0.100/stream1' > input.txt
 ffmpeg \
   -t 3600 \
   -i @input.txt \
   -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
 }}}

 ffmpeg get input from environment var:
 {{{
 INPUT='rtsp://admin:PASSWORD@192.168.0.100/stream1'
 ffmpeg \
   -t 3600 \
   -i @INPUT \
   -vcodec copy -acodec copy "$(date +%Y-%m-%d+%H-%M-%S).mkv"
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/11247>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac

To unsubscribe, visit link above, or email
ffmpeg-trac-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to