Is it possible to hide process args from 'ps -ef'?? (Recap)
John 'tms' Navarra
navarra at casbah.acns.nwu.edu
Wed Apr 24 12:54:17 AEST 1991
In article <z91980 at idunno.Princeton.EDU> subbarao at phoenix (Kartik Subbarao) writes:
>In article <1991Apr23.090439.29024 at casbah.acns.nwu.edu> navarra at casbah.acns.nwu.edu (John 'tms' Navarra) writes:
>>
>> I have been vaguely following this discussion and this might
>> sound simple (and of course it might not work) but if you want to hide a
>> process from ps (like a passwd call) how bout this:
>>
>> make a /bin/ps which does the following:
>>
>> exec /bin/psfiltered | grep -v passwd
>
>Changing a system program is a really Stupid way of solving the problem.
>First, the person that wants to do this is not necessarily the superuser,
>or one with kmem access.
I realize that the intent was not necc for someone without superuser
priveledges. That does not mean that there is not an interest in hiding
passwd calls if you have superuser privs.
>
>Secondly, it's really simple to have the program read the "secret"
>arguments from the tty (maybe even using getpass!), rather than have to have
>them passed as arguments.
Explain this one. If you don't have write access to other people's
terminals (which most systems don't now a days) how will you get the 'secret'
argument?
>
>
>In any event, systems programs should not be changed on simple whims like
>this. It's important that they be functional as they're expected to.
>
> -Kartik
I agree with you that perhaps you should not muck around with the system
programs. How bout a univeral alias that pipes grep -v passwd thru ps.
The whole point of this is not to advertise that it is being done, but rather
to stop people from trying to do 'timely' ps's.
>
>
>
>--
>internet# rm `df | tail +2 | awk '{ printf "%s/quotas\n",$6}'`
>
>subbarao at phoenix.Princeton.EDU -| Internet
>kartik at silvertone.Princeton.EDU (NeXT mail)
>SUBBARAO at PUCC.BITNET - Bitnet
--
>From the Lab of the MaD ScIenTiST:
navarra at casbah.acns.nwu.edu
More information about the Comp.unix.wizards
mailing list