Is it possible to hide process args from 'ps -ef'?? (Recap)
Brandon S. Allbery KB8JRR/AA
allbery at NCoast.ORG
Sun Apr 21 03:49:27 AEST 1991
As quoted from <1429 at compel.UUCP> by her at compel.UUCP (Helge Egelund Rasmussen):
+---------------
| >>Is it possible to hide the arguments, so that they won't show up in
| >>the 'ps' output (possibly by 'exec'ing sqlplus in some devious way :-)??
|
| I received a lot of replies for this question (Thanx to all!!), and the main
| result (until now) is that it isn't really possible (at least not in the
| general case).
|
| The best ones so far is:
| 1: exec the program with a very long argument ie.
| "<fullpath>//////////////////////////sqlplus scott/tiger"
|
| The idea of this is presumably, that ps only will show the first n
| characters of the argument list.
|
| 2: Modify the argv[] list in the exec'ed program after startup.
| This will ofcourse be a problem with sqlplus, but might work with
| 'runform' (using a user exit) or "home made" applications.
+---------------
Not under Interactive or any other V.3 --- rather than having programs grunge
through process data space to find the arguments, the first PSARGSZ (80)
characters of the command line are written to u.u_psargs with '\0' changed to
a space. The first variant will work, though.
Yes, programs can chase your process VM to find the argv information... but
this requires root access (unless you have general read on /dev/mem and
/dev/swap, in which case you've got worse security problems than this to
contend with!).
++Brandon
--
Me: Brandon S. Allbery Ham: KB8JRR/AA on 2m, 220, 440, 1200
Internet: allbery at NCoast.ORG (QRT on HF until local problems fixed)
America OnLine: KB8JRR // Delphi: ALLBERY AMPR: kb8jrr.AmPR.ORG [44.70.4.88]
uunet!usenet.ins.cwru.edu!ncoast!allbery KB8JRR @ WA8BXN.OH
More information about the Comp.unix.wizards
mailing list