Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!ncar!csn!ccncsu!purdue!haven.umd.edu!udel!princeton!phoenix.Princeton.EDU!tty!keyboard!subbarao!kartik
From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Newsgroups: comp.unix.wizards
Subject: Re: Is it possible to hide process args from 'ps -ef'?? (Recap)
Message-ID: <azqWTfzkMcEiA@idunno.Princeton.EDU>
Date: 24 Apr 91 12:49:33 GMT
References: <1991Apr23.090439.29024@casbah.acns.nwu.edu> <z91980@idunno.Princeton.EDU> <1991Apr24.025417.5182@casbah.acns.nwu.edu>
Sender: news@idunno.Princeton.EDU
Reply-To: subbarao@phoenix (Kartik Subbarao)
Lines: 41

In article <1991Apr24.025417.5182@casbah.acns.nwu.edu> navarra@casbah.acns.nwu.edu (John 'tms' Navarra) writes:
>>Changing a system program is a really Stupid way of solving the problem.
>>First, the person that wants to do this is not necessarily the superuser,
>>or one with kmem access. 
>
>>Secondly, it's really simple to have the program read the "secret"
>>arguments from the tty (maybe even using getpass!), rather than have to have 
>>them passed as arguments.
>
>         Explain this one. If you don't have write access to other people's
> terminals (which most systems don't now a days) how will you get the 'secret'
> argument?

What I mean is that, instead of accepting the password in an argument, the
program should use getpass() or something to prompt the user to type it in
after he runs the program. Clear?

>>In any event, systems programs should not be changed on simple whims like
>>this. It's important that they be functional as they're expected to.
>>
>    I agree with you that perhaps you should not muck around with the system
> programs. How bout a univeral alias that pipes grep -v passwd thru ps. 
> The whole point of this is not to advertise that it is being done, but rather
> to stop people from trying to do 'timely' ps's.

Gee, what if I have a program that's called "passwd", or some other
argument that is called "passwd", or whatever you plan to grep -v. This is
downright silly. An OS should not be made unpredictable in its behavior
because one user can't write a program that calls getpass() to get
sensitive information. It's really simple. Really it is.


			-Kartik


--
internet# rm `df | tail +2 | awk '{ printf "%s/quotas\n",$6}'`

subbarao@phoenix.Princeton.EDU -| Internet
kartik@silvertone.Princeton.EDU (NeXT mail)  
SUBBARAO@PUCC.BITNET			          - Bitnet