Re: Hide Process?
Date: 1995/04/23
Message-ID: <D7ICp8.Muv_at_eskimo.com>#1/1
Donald Campbell <Donald_at_suedon.demon.co.uk> wrote:
>chiu_at_cc.nctu.edu.tw writes about the I can see my passwd from ps problem:
>
>> How can I hide the arguments?
>
>Two ways:
3rd: Instead of changing all the scripts that call sqlplus. Change sqlplus. It is just as easy to put a front end on plus as it is to write the safe ps you describe. I like the Idea of either throwing away the user/passwd and execing the real plus or changing the commnd line as you suggested then execing.
You probably didn't mention this because of the possability that someone might read the passwd before the exec. While that is absolutly true I would suggest that none of the solutions anyone has suggested to this problem is really secure and a OK solution is better than no solution.
>Certainly on production environments the users should not have access to
>shell and hence the problem should not occur.
Not all production environments are created equal. Further this is something like saying the way to prevent speeding is to make cars that only go 30 MPH, it is a true statement but some what drastic.
>If you write in pro-C you can play with your 'environ' to remove the
>parameter list.
This doesn't appear to work on ATT like systems. Or at least it didn't work on a Solaris 2.3 system. BSD based systems should be ok.
-- Regards, Lee E. Parsons Systems Oracle DBA lparsons_at_world.std.comReceived on Sun Apr 23 1995 - 00:00:00 CEST