Re: hide the commabd executed from ps,who
On Thu, May 18, 2000 at 12:57:18AM +0800, 50191914@uxmail.cityu.edu.hk wrote
>
>
> On Tue, 16 May 2000, Ethan Benson wrote:
>
> > On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote:
> > > On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes:
> > > >On 16-May-2000 50191914@uxmail.cityu.edu.hk wrote:
> > > >> How can I hide the commond I am executing so that people can't see
> > > >> it from ps,or who?For example,if i use mysql by typing mysql -u myname -p
> > > >> passsword ..people can see my password...So it would be good if I can
> > > >> hide what i am doing from other user...espcially for some program which
> > > >> I can specify my password in command line...
> > > >
> > > >don't put your password on the commandline. Even if ps does not show it, it
> > > >will appear in /proc.
> > >
> > > So the real question is: how can you manage so that not everything in /proc
> > > is world-readable (is that´s possible by design)?
> > >
> >
> > that is just the way it is, there is no way to change that in the
> > standard kernel. i say standard kernel because there is a security
> > patch which adds several security options to the kernel config, such
> > as non-executable stack (which does no good) and tighter permissions
> > on /proc. i think the way it works is instead of those files being
> > world readable they are mode 440/550 instead of 444/555, and you can
> > specify the group as a /proc mount option. this way you could allow
> > all members of the wheel group to see all processes but everyone else
> > can only see processes they own not any others.
> >
> > this proc patch has been proposed to be installed in the standard
> > kernel but has always been rejected, i am not sure why it may very
> > well break things. i think that this should be mount option for proc
> > personally, if you don't need/want it mount proc normally, otherwise
> > mount it with -o secure,group=wheel or something.
> >
> > --
> > Ethan Benson
> > http://www.alaska.net/~erbenson/
> >
> But for example,what if I want to write a shell script which will login
> to the remote server automatically?e.g..for some cgi...etc...
>
Use SSH with RSAA authentication. No passwords, no packet sniffing,
no problems :)
John P.
--
huiac@camtech.net.au
john@huiac.apana.org.au
http://www.mdt.net.au/~john Debian Linux admin & support:technical services
Reply to: