Re: hide the commabd executed from ps,who

To: debian-user@lists.debian.org
Subject: Re: hide the commabd executed from ps,who
From: John Pearson <huiac@camtech.net.au>
Date: Thu, 18 May 2000 09:27:05 +0930
Message-id: <[🔎] 20000518092705.Z476@huiac.localnet>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.SOL.4.10.10005180056240.19470-100000@moscow>; from 50191914@uxmail.cityu.edu.hk on Thu, May 18, 2000 at 12:57:18AM +0800
References: <[🔎] 20000516195127.A1150@plato.local.lan> <[🔎] Pine.SOL.4.10.10005180056240.19470-100000@moscow>

On Thu, May 18, 2000 at 12:57:18AM +0800, 50191914@uxmail.cityu.edu.hk wrote
> 
> 
> On Tue, 16 May 2000, Ethan Benson wrote:
> 
> > On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote:
> > > On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes:
> > > >On 16-May-2000 50191914@uxmail.cityu.edu.hk wrote:
> > > >> How can I hide the commond I am executing so that people can't see
> > > >> it from ps,or who?For example,if i use mysql by typing mysql -u myname -p
> > > >> passsword ..people can see my password...So it would be good if I can
> > > >> hide what i am doing from other user...espcially for some program which 
> > > >> I can specify my password in command line...
> > > >
> > > >don't put your password on the commandline.  Even if ps does not show it, it
> > > >will appear in /proc.
> > > 
> > > So the real question is: how can you manage so that not everything in /proc
> > > is world-readable (is that´s possible by design)?
> > > 
> > 
> > that is just the way it is, there is no way to change that in the
> > standard kernel.  i say standard kernel because there is a security
> > patch which adds several security options to the kernel config, such
> > as non-executable stack (which does no good) and tighter permissions
> > on /proc.  i think the way it works is instead of those files being
> > world readable they are mode 440/550 instead of 444/555, and you can
> > specify the group as a /proc mount option.  this way you could allow
> > all members of the wheel group to see all processes but everyone else
> > can only see processes they own not any others.  
> > 
> > this proc patch has been proposed to be installed in the standard
> > kernel but has always been rejected, i am not sure why it may very
> > well break things.  i think that this should be mount option for proc
> > personally, if you don't need/want it mount proc normally, otherwise
> > mount it with -o secure,group=wheel or something.
> > 
> > -- 
> > Ethan Benson
> > http://www.alaska.net/~erbenson/
> > 
> But for example,what if I want to write a shell script which will login
> to the remote server automatically?e.g..for some cgi...etc...
> 

Use SSH with RSAA authentication.  No passwords, no packet sniffing, 
no problems :)


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
http://www.mdt.net.au/~john Debian Linux admin & support:technical services

Reply to:

References:
- Re: hide the commabd executed from ps,who
  - From: Ethan Benson <erbenson@alaska.net>
- Re: hide the commabd executed from ps,who
  - From: <50191914@uxmail.cityu.edu.hk>

Prev by Date: Re: dpkg status history...how much is too much?
Next by Date: Re: transfer files
Previous by thread: Re: hide the commabd executed from ps,who
Next by thread: Re: hide the commabd executed from ps,who
Index(es):
- Date
- Thread