Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!unmvax!uokmax!servalan!rmtodd
From: rmtodd@servalan.uucp (Richard Todd)
Newsgroups: comp.unix.wizards
Subject: Re: Is it possible to hide process args from 'ps -ef'?? (Recap)
Keywords: ps exec
Message-ID: <1991Apr21.225044.883@servalan.uucp>
Date: 21 Apr 91 22:50:44 GMT
References: <1414@compel.UUCP> <1991Apr17.222700.4586@swsrv1.cirr.com> <1429@compel.UUCP> <7293@auspex.auspex.com>
Organization: Ministry of Silly Walks
Lines: 32

guy@auspex.auspex.com (Guy Harris) writes:
>> The problem with method 2 above is,

>The problem with method 2 above is that, unless ISC UNIX is fairly
>different from S5 as it comes from AT&T, "ps" doesn't *look* at the
>argument list on the stack - it looks at the argument list as set up in
>a string in the U area at startup, so your program can twiddle the argv
>list until the cows come home and it won't affect what "ps" sees.

I must admit to not having great experience with "unadulterated" SysV,
but on two SysV-derived systems I've used (A/UX and ISC Unix), ps by
default only looks at the program name in the U area, but with the "f"
flag will go ahead and find the program's stack and read the arg. list.
Also, by default the U area "u_comm" field contains only argv[0] and
none of the other argv[i]. Example (on my home system, running A/UX 2.0):
---------------------------------------------------------------------------
9 servalan ~[5:46pm] % ps -p 358
   PID TTY      TIME COMMAND
   358 console  0:07 xdm
10 servalan ~[5:46pm] % ps -fp 358
     UID   PID  PPID  C    STIME TTY      TIME COMMAND
    root   358   129  0 15:34:03 console  0:07 /usr/bin/X11/xdm -nodaemon -udpPort 0
11 servalan ~[5:46pm] %
---------------------------------------------------------------------------
It works the same way on ISC Unix. I thought this was standard System V
behaviour. (I find it a tad unlikely that Apple and ISC would both add
the ability to read the stack arglist to ps, and do so with the exact
same flag...)
--
Richard Todd    rmtodd@uokmax.ecn.uoknor.edu  rmtodd@chinet.chi.il.us
        rmtodd@servalan.uucp
"Elvis has left Bettendorf!"