Re: hide the commabd executed from ps,who
w trillich wrote:
> 1) write a script to do the deed & supply the args, and call it
> as your command; then your command-line will only be the script name.
> set (restrict) permissions as needed on the script file.
No that doesn't work. Your script still runs a program with some
arguments; those arguments are still visible.
> 2) use variables (not very secure) or aliases (even less secure):
> % set cmd='mysql -umyself -ptryagain db'
> ...
> % $cmd
No, that doesn't work, same reason. It doesn't matter _how_ you get the
arguments to the program, they will still be visible in /proc and ps.
> 3) if the command has a dotfile option (as in ~/.mysqlrc) then put
> your sensitive stuff there and restrict privileges on that file.
Yes. The only true solution to a program that requires sensative data be
passed on the command line is the fix the program so it reads it from
elsewhere.
--
see shy jo
Reply to: