Path: utzoo!utgpu!cunews!micor!latour!ecicrl!clewis From: clewis@ferret.ocunix.on.ca (Chris Lewis) Newsgroups: comp.unix.wizards Subject: Re: Is it possible to hide process args from 'ps -ef'?? Keywords: ps exec Message-ID: <1421@ecicrl.ocunix.on.ca> Date: 19 Apr 91 22:45:40 GMT References: <1414@compel.UUCP> Organization: Elegant Communications Inc., Ottawa, Canada Lines: 44 In article <1414@compel.UUCP> her@compel.UUCP (Helge Egelund Rasmussen) writes: >It is possible to give Oracle programs the username/password on the >command line, ie : > $ sqlplus scott/tiger >This is all very nice, BUT when another user execute 'ps -ef' he/she >can see the password! >Is it possible to hide the arguments, so that they won't show up in >the 'ps' output (possibly by 'exec'ing sqlplus in some devious way :-)?? I don't know how bullet proof this is, or how portable, but on many versions of UNIX you can overwrite the character strings that the argv[] array points to. Ie: main(...) { char *p; /* parse arguments */ for (i = 0; i < argc; i++) for (p = argv[i]; *p; p++) *p++ = '\0'; You probably only have to zero the first byte in the argv[i] strings. We used to do this to rename/hide executing game programs at a company I used to work for. BTW: BSD 4.1 accounting wouldn't even show jobs that had a control character in their name ;-) This doesn't help directly, because you presumably don't have source to sqlplus, and this only works for the *current* process. What you could do is something like the above, but after clobbering arguments, pipe/fork/exec sqlplus, and stuff the password down the pipe, then relinquish stdin to the terminal. This, does still leave a short window tho... Frankly, if you're concerned about the password, you shouldn't do this anyways - it becomes too tempting to put passwords in shell scripts... -- Chris Lewis, Phone: (613) 832-0541, Internet: clewis@ferret.ocunix.on.ca UUCP: uunet!mitel!cunews!latour!ecicrl!clewis; Ferret Mailing List: ferret-request@eci386; Psroff (not Adobe Transcript) enquiries: psroff-request@eci386 or Canada 416-832-0541. Psroff 3.0 in c.s.u soon!