Re: hide the commabd executed from ps,who
On Tue, 16 May 2000, Ethan Benson wrote:
> On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote:
> > On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes:
> > >On 16-May-2000 50191914@uxmail.cityu.edu.hk wrote:
> > >> How can I hide the commond I am executing so that people can't see
> > >> it from ps,or who?For example,if i use mysql by typing mysql -u myname -p
> > >> passsword ..people can see my password...So it would be good if I can
> > >> hide what i am doing from other user...espcially for some program which
> > >> I can specify my password in command line...
> > >
> > >don't put your password on the commandline. Even if ps does not show it, it
> > >will appear in /proc.
> >
> > So the real question is: how can you manage so that not everything in /proc
> > is world-readable (is thatīs possible by design)?
> >
>
> that is just the way it is, there is no way to change that in the
> standard kernel. i say standard kernel because there is a security
> patch which adds several security options to the kernel config, such
> as non-executable stack (which does no good) and tighter permissions
> on /proc. i think the way it works is instead of those files being
> world readable they are mode 440/550 instead of 444/555, and you can
> specify the group as a /proc mount option. this way you could allow
> all members of the wheel group to see all processes but everyone else
> can only see processes they own not any others.
>
> this proc patch has been proposed to be installed in the standard
> kernel but has always been rejected, i am not sure why it may very
> well break things. i think that this should be mount option for proc
> personally, if you don't need/want it mount proc normally, otherwise
> mount it with -o secure,group=wheel or something.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
>
But for example,what if I want to write a shell script which will login
to the remote server automatically?e.g..for some cgi...etc...
Reply to: