Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!rbj From: rbj@uunet.UU.NET (Root Boy Jim) Newsgroups: comp.unix.wizards Subject: Re: Is it possible to hide process args from 'ps -ef'?? (Recap) Keywords: ps exec Message-ID: <130078@uunet.UU.NET> Date: 22 Apr 91 23:56:46 GMT References: <1991Apr17.222700.4586@swsrv1.cirr.com> <1429@compel.UUCP> <7293@auspex.auspex.com> Organization: UUNET Communications Services, Falls Church, VA Lines: 33 In article <7293@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes: >The problem with method 2 above is that, unless ISC UNIX is fairly >different from S5 as it comes from AT&T, "ps" doesn't *look* at the >argument list on the stack - it looks at the argument list as set up in >a string in the U area at startup, so your program can twiddle the argv >list until the cows come home and it won't affect what "ps" sees. Around here, we run lots of sendmail, uucp, news, and a bit of ftp. We like to know what's going on, so we use a function called 'setproctitle' (from the sendmail distribution). A bit of ps: 653 ? S N 10:14 -accepting smtp connections (sendmail) 5665 ? I 3:51 -timbuk.cray.com IHAVE (in.nntpd) 6175 ? I 0:01 -wuarchive.wustl.edu IHAVE (in.nntpd) 12017 ? S N 0:00 -mmmmmmm: SLAVE R (uucico) 12819 ? R N 0:00 -M2C.M2C.ORG: HELO m2c.m2c.org (sendmail) 13841 ? I N 0:03 -SSSSSSS-SSSSSS.ARMY.MIL:lskdfj: RETR ls-ltR.Z (in.ftpd) 14575 ? I N 0:01 -AA25083 finabo.abo.fi: greeting wait (sendmail) 15843 ? S N 0:11 -harpo.ssf-sys.DHL.COM:mbisted: RETR 1.39.tar.Z.18 (in.ftpd) 18014 ? I N 1:21 -AA22570 tohu0.weizmann.ac.il: user open (sendmail) 29152 ? S 4:00 -dddddd: MASTER SENDING (uucico) We have a line in /etc/rc which says: FILLER=" "; export FILLER to give us some environment space to write over. I certainly hope that future versions of UNIX will continue to provide this information in the same fashion. At least provide a switch. Don't tell me this is non-portable; it just happens to be the oldest way. -- [rbj@uunet 1] stty sane unknown mode: sane