Is it possible to hide process args from 'ps -ef'??
Chris Lewis
clewis at ferret.ocunix.on.ca
Sat Apr 20 08:45:40 AEST 1991
In article <1414 at compel.UUCP> her at compel.UUCP (Helge Egelund Rasmussen) writes:
>It is possible to give Oracle programs the username/password on the
>command line, ie :
> $ sqlplus scott/tiger
>This is all very nice, BUT when another user execute 'ps -ef' he/she
>can see the password!
>Is it possible to hide the arguments, so that they won't show up in
>the 'ps' output (possibly by 'exec'ing sqlplus in some devious way :-)??
I don't know how bullet proof this is, or how portable, but on many
versions of UNIX you can overwrite the character strings that the
argv[] array points to. Ie:
main(...) {
char *p;
/* parse arguments */
for (i = 0; i < argc; i++)
for (p = argv[i]; *p; p++)
*p++ = '\0';
You probably only have to zero the first byte in the argv[i] strings.
We used to do this to rename/hide executing game programs at a company I
used to work for. BTW: BSD 4.1 accounting wouldn't even show jobs that
had a control character in their name ;-)
This doesn't help directly, because you presumably don't have source
to sqlplus, and this only works for the *current* process.
What you could do is something like the above, but after clobbering
arguments, pipe/fork/exec sqlplus, and stuff the password down the
pipe, then relinquish stdin to the terminal. This, does still leave
a short window tho...
Frankly, if you're concerned about the password, you shouldn't do this
anyways - it becomes too tempting to put passwords in shell scripts...
--
Chris Lewis, Phone: (613) 832-0541, Internet: clewis at ferret.ocunix.on.ca
UUCP: uunet!mitel!cunews!latour!ecicrl!clewis; Ferret Mailing List:
ferret-request at eci386; Psroff (not Adobe Transcript) enquiries:
psroff-request at eci386 or Canada 416-832-0541. Psroff 3.0 in c.s.u soon!
More information about the Comp.unix.wizards
mailing list