Re: Hide Process?

From: Lee Parsons <lparsons_at_eskimo.com>
Date: 1995/04/23
Message-ID: <D7ICp8.Muv_at_eskimo.com>#1/1

Donald Campbell <Donald_at_suedon.demon.co.uk> wrote:
>chiu_at_cc.nctu.edu.tw writes about the I can see my passwd from ps problem:
>
>> How can I hide the arguments?
>
>Two ways:

	3rd: Instead of changing all the scripts that call sqlplus. Change
	     sqlplus. It is just as easy to put a front end on plus as it 
             is to write the safe ps you describe. I like the Idea of 
             either throwing away the user/passwd and execing the real plus
             or changing the commnd line as you suggested then execing.

You probably didn't mention this because of the possability that someone might read the passwd before the exec. While that is absolutly true I would suggest that none of the solutions anyone has suggested to this problem is really secure and a OK solution is better than no solution.

>Certainly on production environments the users should not have access to
>shell and hence the problem should not occur.

Not all production environments are created equal. Further this is something like saying the way to prevent speeding is to make cars that only go 30 MPH, it is a true statement but some what drastic.

>If you write in pro-C you can play with your 'environ' to remove the
>parameter list.

This doesn't appear to work on ATT like systems. Or at least it didn't work on a Solaris 2.3 system. BSD based systems should be ok.

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com

Received on Sun Apr 23 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: Martin Miron: "Problemes with trigger"
Previous message: Blv n Drms: "Re: Hide Process?"
In reply to chiu_at_cc.nctu.edu.tw: "Hide Process?"
Next in thread: jpope_at_mojo.europe.dg.com: "Re: Hot Backups"
Reply: jpope_at_mojo.europe.dg.com: "Re: Hot Backups"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message