Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!ames!lll-tis!ptsfa!ihnp4!ihdev!pdg
From: pdg@ihdev.ATT.COM (Joe Isuzu)
Newsgroups: comp.unix.questions
Subject: Re: Destroying arguments
Message-ID: <1409@ihdev.ATT.COM>
Date: Tue, 26-May-87 11:59:37 EDT
Article-I.D.: ihdev.1409
Posted: Tue May 26 11:59:37 1987
Date-Received: Thu, 28-May-87 03:06:47 EDT
References: <15605@gatech.gatech.edu>
Reply-To: pdg@ihdev.UUCP (Joe Isuzu)
Distribution: comp.unix.questions
Organization: American Nasal Amputation Centre
Lines: 31

In article <15605@gatech.gatech.edu> hope@gatech.UUCP (Theodore Hope @ LEGOLAND) writes:
>In article <199@celerity.UUCP> jjw@celerity.UUCP (Jim (JJ) Whelan) writes:
>>Anyone with a Berkeley based system should check out what happens with
>>	"ps axww"
>If you _really_ want secure (i.e., unreadable) arguments then fill up your
>environment with _lots_ of junk.  Twenty-five or so environment variables set
>to about 70 characters each will keep 'w' and 'ps' from displaying them, even
>with ps axwwwwwww.
>This works on BSD systems, although different implementations might "require"
>you to have much more in your environment.
>I don't think it works on SysV.

Actually it does.  System V ps does not have an option for displaying
the environment, though.  It isn't difficult to find, however, and
anyone with the slightest kernel hacking experience could do such an
addition.  I don't recommend the above method (filling the
environment).  Remember this is overhead on process creation.  There
are also certain programs (none I know under Berkeley, but a few under
system V) that will break (read core dump) if the environment is too
large.  (I still would maintain that that is a bug which should be
fixed - but that'll take a long time).  If you want to fix this on a
system wide basis, and have a reasonably secure system (ps, w setgid
to kmem, and mem, kmem unreadable by all), why not just fix up ps and
w to display u.u_comm, instead of looking for all the args?  And turn
off the environment option while you are there (this is also good for
seeing what directory someone is in as csh and ksh add this into the
environment).  
-- 

Paul Guthrie				"Another day, another Jaguar"
ihnp4!ihdev!pdg				    -- Pat Sajak