Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!mintaka!bloom-beacon!eru!hagbard!sunic!dkuug!compel!her
From: her@compel.UUCP (Helge Egelund Rasmussen)
Newsgroups: comp.unix.wizards
Subject: Re: Is it possible to hide process args from 'ps -ef'?? (Recap)
Keywords: ps exec
Message-ID: <1429@compel.UUCP>
Date: 19 Apr 91 08:09:56 GMT
References: <1414@compel.UUCP> <1991Apr17.222700.4586@swsrv1.cirr.com>
Organization: Compel, Copenhagen, DK
Lines: 33

>>Is it possible to hide the arguments, so that they won't show up in
>>the 'ps' output (possibly by 'exec'ing sqlplus in some devious way :-)??

I received a lot of replies for this question (Thanx to all!!), and the
main result (until now) is that it isn't really possible (at least not in
the general case).

The best ones so far are:

1: exec the program with a very long argument, i.e.
   "//////////////////////////sqlplus scott/tiger"
   The idea of this is presumably that ps will only show the first n
   characters of the argument list.

2: Modify the argv[] list in the exec'ed program after startup.
   This will of course be a problem with sqlplus, but might work with
   'runform' (using a user exit) or "home made" applications.

My questions are now:

Will 1 above work? Even if ps won't show the arguments, it might be
possible to write a program which can read the argument list from memory.
Is this possible? If it is, then this method isn't really safe.

The problem with method 2 above is, as far as I can see, that it wouldn't
be really safe because of race conditions. I.e. sometimes a user might have
time to execute a PS in the time after the exec, and before the application
has had time to destroy the argv structure. Is this correct?

Helge
---
Helge E. Rasmussen  .  PHONE + 45 36 72 33 00  .  E-mail:  her@compel.dk
Compel A/S          .  FAX   + 45 36 72 43 00  .  Copenhagen, Denmark
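
Method 2 from the post above, sketched in C as an added example (not code from the post or from any of the replies it summarises). The helper name `take_and_scrub_arg` and the command line `./app scott/tiger` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy argv[idx] into private heap memory, then
 * overwrite the original bytes in place. The string length is unchanged,
 * so nothing outside the original argument is written. Returns the
 * private copy (caller frees), or NULL on bad index or failed malloc. */
static char *take_and_scrub_arg(int argc, char **argv, int idx)
{
    if (idx <= 0 || idx >= argc || argv[idx] == NULL)
        return NULL;

    size_t len = strlen(argv[idx]);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, argv[idx], len + 1);

    /* volatile pointer keeps the compiler from optimising the wipe away */
    volatile char *p = argv[idx];
    for (size_t i = 0; i < len; i++)
        p[i] = 'x';
    return copy;
}

int main(int argc, char **argv)
{
    /* Constructed usage: ./app scott/tiger
     * The scrub is the first thing main() does, which narrows the window
     * but cannot close it: between exec and this call the original text
     * is still in the argument area, the race the post asks about. */
    char *cred = take_and_scrub_arg(argc, argv, 1);
    if (cred == NULL) {
        fprintf(stderr, "usage: %s user/password\n", argv[0]);
        return 1;
    }

    /* From here on argv[1] is a run of 'x' of the original length. */
    printf("credential held privately (%zu bytes)\n", strlen(cred));

    memset(cred, 0, strlen(cred));   /* wipe the private copy when done */
    free(cred);
    return 0;
}
```

Whether `ps` reflects the overwrite depends on where that system's `ps` reads the argument list from; on Linux, `/proc/<pid>/cmdline` is read from the process's own memory, so the scrubbed text is what appears there.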