From: Shaul Karl (shaulk_at_nonexisting.hamakor.org.il)
Date: Sat 03 Jul 2004 - 13:40:03 IDT
On Sun, Jun 27, 2004 at 10:36:26AM +0300, Noam L. wrote:
> A program can cloak its commandline (or even have it cloacked for her)
> An example: MySQL's client:
>
> 6093 pts/76 S 0:00 mysql -uroot -px xxxxxx
> .
> root_at_mail:/var/lib/mysql# cat /proc/6093/cmdline
> mysql-uroot-pxxxxxxx
>
>
> such program does that by editing its argv.
Quoting
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=3lo0kt%24nih%40newsserver.trl.OZ.AU&rnum=21
Notice that on HP-UX (or any derivative of AT&T UNIX),
blanking out argv(1) has no effect. You are still able to see
all its arguments. This is due to the way AT&T UNIX
implements its process list and the permissions associated
with it. Programs are not permitted to modify the process
list. Therefore Oracle programs are unable to hide the
username and password on AT&T UNIX version of the operating
system.
All is not lost. It is still possible to hide the arguments
from the 'ps' program by left padding the first argument with
lots of spaces.
Does Linux falls under `any derivative of AT&T UNIX'? Perhaps I should
asked whether Linux falls in that category with regard to hidding a
password that is given in the command line?
-- "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw (sent by shaulk @ 013 . net . il) ================================================================= To unsubscribe, send mail to linux-il-request_at_linux.org.il with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Sat 03 Jul 2004 - 13:56:32 IDT