
Re: hide the command executed from ps,who



w trillich wrote:
> 1) write a script to do the deed & supply the args, and call it
>    as your command; then your command-line will only be the script name.
>    set (restrict) permissions as needed on the script file.

No, that doesn't work. Your script still runs a program with some
arguments; those arguments are still visible.

> 2) use variables (not very secure) or aliases (even less secure):
>    % set cmd='mysql -umyself -ptryagain db'
>    ...
>    % $cmd

No, that doesn't work, same reason. It doesn't matter _how_ you get the
arguments to the program, they will still be visible in /proc and ps.

> 3) if the command has a dotfile option (as in ~/.mysqlrc) then put
>    your sensitive stuff there and restrict privileges on that file.

Yes. The only true solution to a program that requires sensitive data be
passed on the command line is to fix the program so it reads it from
elsewhere.

-- 
see shy jo
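
The behaviour described in this message can be checked on a Linux host. The script below is an added example, not part of the original message: it starts a constructed stand-in client directly, through a wrapper script (suggestion 1) and with an option file (suggestion 3), and counts the processes whose /proc/<pid>/cmdline contains the secret. The client, the `--password` and `--config` option names and the secret are all assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example; needs Linux /proc. Client, option names and secret are constructed.
SECRET="constructed-secret-$$"   # built at run time, not a real credential

# Print how many processes expose the string $1 in /proc/<pid>/cmdline.
# Matching uses the shell's `case`, so the check itself never places the
# string on another command's argument list.
count_exposed() {
    n=0
    for f in /proc/[0-9]*/cmdline; do
        args=$(tr '\0' ' ' 2>/dev/null < "$f") || continue
        case $args in *"$1"*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Start the stand-in client one way and print the exposure count.
# $1 = direct (secret in argv) | wrapper (suggestion 1) | file (suggestion 3)
run_case() {
    dir=$(mktemp -d) || return 1
    # Stand-in client: ignores its arguments and lingers so it can be observed.
    printf 'sleep 3\nexit 0\n' > "$dir/client"
    # Wrapper: its own argv is clean, but it passes the secret on to the client.
    printf 'sh "%s/client" --password=%s\n' "$dir" "$SECRET" > "$dir/wrapper"
    # Option file readable by its owner only.
    (umask 077; printf 'password=%s\n' "$SECRET" > "$dir/client.conf")
    case $1 in
        direct)  sh "$dir/client" --password="$SECRET" >/dev/null 2>&1 & ;;
        wrapper) sh "$dir/wrapper" >/dev/null 2>&1 & ;;
        file)    sh "$dir/client" --config="$dir/client.conf" >/dev/null 2>&1 & ;;
        *)       rm -rf "$dir"; return 2 ;;
    esac
    pid=$!
    sleep 1                       # give the child time to exec
    count_exposed "$SECRET"
    wait "$pid"
    rm -rf "$dir"
}

# Run all three cases when invoked with the argument "demo".
if [ "${1:-}" = demo ]; then
    for mode in direct wrapper file; do echo "$mode: $(run_case "$mode")"; done
fi
```

In the wrapper case the wrapper's own command line is clean, but the client it starts still carries the secret, so the count is the same as for the direct call; only the option-file case reports zero.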


