ps shows user/password under Unix - SUMMARY

From: Lee Parsons <lparsons_at_exlogcorp.exlog.com>
Date: Tue, 25 Jan 94 16:40:14 GMT
Message-ID: <1994Jan25.164014.10370_at_exlog.com>

A number of people contacted me regarding thier experiences with the ps command revealing username password combinations. With only one exception all systems that did reveal the password are ATT based systems and those that did not are BSD.

(I think the one exception was a communcation error on my part. It contradicts my direct experence and is noted below.)

Apparently under ATT derived systems the process information shown by ps is owned by the kernel while under BSD ps shows the user's verson of the process list. Therefor oracle is unable to change the process list under ATT because it doesn't have the write access required.

The current/imperfect solution is to create a front end for the oracle tools that puts 3000 spaces in the argv before the user/passwd and execs the real tool. This is more data than ps is willing to print and will effectively hide the password.

Summary Follows:

Does Not Display Password Does Display Password

SunOS 4.1.2                             Dynix/ptxV1.4.1
Dynix 3.2.0                             SCO
Ultrix 4.2                              HP/UX
                                        SunOS 5.3
                                        SunOS 4.x <- ????

-- 
Regards, 

Lee E. Parsons                  		Baker Hughes Inteq, Inc
Oracle Database Administrator 			lparsons_at_exlog.com

Received on Tue Jan 25 1994 - 17:40:14 CET

This message: [ Message body ]
Next message: BATALLER: "DBMS criteria and functionality"
Previous message: Selina Glynn: "query detail records in Oracle forms 3"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message