
Re: hide the command executed from ps,who



On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote:
> On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes:
> >On 16-May-2000 50191914@uxmail.cityu.edu.hk wrote:
> >> How can I hide the command I am executing so that people can't see
> >> it from ps, or who? For example, if I use mysql by typing mysql -u myname -p
> >> password ..people can see my password...So it would be good if I can
> >> hide what I am doing from other users...especially for some programs for which
> >> I can specify my password on the command line...
> >
> >don't put your password on the commandline.  Even if ps does not show it, it
> >will appear in /proc.
> 
> So the real question is: how can you manage so that not everything in /proc
> is world-readable (is that possible by design)?
> 

that is just the way it is, there is no way to change that in the
standard kernel.  i say standard kernel because there is a security
patch which adds several security options to the kernel config, such
as non-executable stack (which does no good) and tighter permissions
on /proc.  i think the way it works is instead of those files being
world readable they are mode 440/550 instead of 444/555, and you can
specify the group as a /proc mount option.  this way you could allow
all members of the wheel group to see all processes but everyone else
can only see processes they own not any others.  

this proc patch has been proposed for inclusion in the standard
kernel but has always been rejected. i am not sure why; it may very
well break things.  i think that this should be a mount option for proc
personally: if you don't need/want it, mount proc normally, otherwise
mount it with -o secure,group=wheel or something.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
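
An added example, not part of the original message: a small audit that reads each process's `/proc/<pid>/cmdline`, records whether the file is world-readable (the 444 versus 440 distinction discussed above), and reports commands that carry a password argument, with the value masked. The option names, the list of client names and the `<redacted>` marker are assumptions chosen for this example.

```python
import os
import re
import stat

# Assumptions: these option names and client names are a heuristic chosen
# for this example; extend them for the tools used on your hosts.
LONG_OPT = re.compile(r"^--(?:password|passwd|pass)(?:=(?P<val>.*))?$")
SHORT_OPT = re.compile(r"^-p(?P<val>.*)$")
SHORT_P_CLIENTS = {"mysql", "mysqldump", "mysqladmin"}

def parse_cmdline(raw):
    """Split the NUL-separated bytes of /proc/<pid>/cmdline into argv."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def redact_secrets(argv):
    """Return (argv with secret values masked, number of values masked)."""
    short_ok = bool(argv) and os.path.basename(argv[0]) in SHORT_P_CLIENTS
    out, hits, i = [], 0, 0
    while i < len(argv):
        arg = argv[i]
        m = LONG_OPT.match(arg) or (short_ok and i > 0 and SHORT_OPT.match(arg))
        if m and m.group("val"):                      # --password=x, -px
            out.append(arg[:m.start("val")] + "<redacted>")
            hits += 1
        elif m and "=" not in arg and i + 1 < len(argv) \
                and not argv[i + 1].startswith("-"):  # --password x, -p x
            out += [arg, "<redacted>"]
            hits, i = hits + 1, i + 1
        else:
            out.append(arg)                           # no secret, or bare -p
        i += 1
    return out, hits

def scan_proc(proc="/proc"):
    """Report processes whose cmdline carries a secret-looking argument."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        path = os.path.join(proc, pid, "cmdline")
        try:
            world = bool(os.stat(path).st_mode & stat.S_IROTH)
            with open(path, "rb") as fh:
                argv, hits = redact_secrets(parse_cmdline(fh.read()))
        except OSError:        # process exited, or access was denied
            continue
        if hits:
            findings.append((int(pid), world, " ".join(argv)))
    return findings
```

Each tuple returned by `scan_proc()` is `(pid, world_readable, masked command line)`; a finding with `world_readable` set to `True` is readable by every local user.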
