Re: hide the commabd executed from ps,who

To: w trillich <will@pinncomp.net>
Cc: debian-user@lists.debian.org
Subject: Re: hide the commabd executed from ps,who
From: Oswald Buddenhagen <ob6@inf.tu-dresden.de>
Date: Wed, 17 May 2000 10:49:47 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.21.0005171026380.1005-100000@ugly.wh8.tu-dresden.de>
In-reply-to: <[🔎] 392229B7.58863E5@pinncomp.net>

> 1) write a script to do the deed & supply the args, and call it
>    as your command; then your command-line will only be the script name.
>    set (restrict) permissions as needed on the script file.
> 
huuh? does this make sense? the script will eventually call/exec the main
program, which will have the password in clear text on it's command line, 
too.

> 2) use variables (not very secure) or aliases (even less secure):
>    % set cmd='mysql -umyself -ptryagain db'
>    ...
>    % $cmd
> 
same for this. this is expanded by the shell, so ps shows all sensitive
data.

> 3) if the command has a dotfile option (as in ~/.mysqlrc) then put
>    your sensitive stuff there and restrict privileges on that file.
> 
that's the way to go. unfortunately, not all programs offer this feature.

note: there is a way for the called prgram to clobber it's own command
line. so the program would read it's parameters and then destroy them. the
few milliseconds, until it has done so, the command line would
be readable, of course.
however, this method requires changing the source of the target program.

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
If Windows is the answer, I want the problems back!

Reply to:

References:
- Re: hide the commabd executed from ps,who
  - From: w trillich <will@pinncomp.net>

Prev by Date: Re: virtual news server
Next by Date: Re: hypenation in tetex
Previous by thread: Re: hide the commabd executed from ps,who
Next by thread: Re: hide the commabd executed from ps,who
Index(es):
- Date
- Thread