-
Notifications
You must be signed in to change notification settings - Fork 219
Security of SAS tokens on Linux
adreed-msft edited this page Sep 3, 2021
·
1 revision
When running AzCopy on Linux, SAS tokens may be exposed to other users via ps -a.
There are several tactics you can use to prevent the exposure of secrets on the command line to other users, including left-padding the parameters with spaces (Prior to Linux 4.2), re-mounting /proc with hidepid=2 (mount -o remount /proc -o hidepid=2), etc. but there is no configuration-agnostic solution AzCopy can implement to hide command-line parameters.
Note that re-mounting proc will not prevent root users from attaining such information (this is equivalent in security to environment variables on Linux, as well).