Newsgroups: comp.unix.wizards
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!casbah.acns.nwu.edu!navarra
From: navarra@casbah.acns.nwu.edu (John 'tms' Navarra)
Subject: Re: Is it possible to hide process args from 'ps -ef'?? (Recap)
Message-ID: <1991Apr24.025417.5182@casbah.acns.nwu.edu>
Organization: Northwestern University
References: <7326@auspex.auspex.com> <1991Apr23.090439.29024@casbah.acns.nwu.edu> <z91980@idunno.Princeton.EDU>
Date: Wed, 24 Apr 1991 02:54:17 GMT
Lines: 54

In article <z91980@idunno.Princeton.EDU> subbarao@phoenix (Kartik Subbarao) writes:
>In article <1991Apr23.090439.29024@casbah.acns.nwu.edu> navarra@casbah.acns.nwu.edu (John 'tms' Navarra) writes:
>>
>>            I have been vaguely following this discussion and this might 
>> sound simple (and of course it might not work) but if you want to hide a 
>> process from ps (like a passwd call) how bout this:
>>
>> make a /bin/ps which does the following:
>>
>>        exec /bin/psfiltered | grep -v passwd
>
>Changing a system program is a really Stupid way of solving the problem.
>First, the person that wants to do this is not necessarily the superuser,
>or one with kmem access. 

       I realize that the intent was not necessarily for someone without superuser 
 privileges. That does not mean that there is not an interest in hiding 
 passwd calls if you have superuser privs. 

>
>Secondly, it's really simple to have the program read the "secret"
>arguments from the tty (maybe even using getpass!), rather than have to have 
>them passed as arguments.

         Explain this one. If you don't have write access to other people's
 terminals (which most systems don't nowadays) how will you get the 'secret'
 argument?
>
>
>In any event, systems programs should not be changed on simple whims like
>this. It's important that they be functional as they're expected to.
>
>		-Kartik

    I agree with you that perhaps you should not muck around with the system
 programs. How bout a universal alias that pipes grep -v passwd thru ps. 
 The whole point of this is not to advertise that it is being done, but rather
 to stop people from trying to do 'timely' ps's.

>
>
>
>--
>internet# rm `df | tail +2 | awk '{ printf "%s/quotas\n",$6}'`
>
>subbarao@phoenix.Princeton.EDU -| Internet
>kartik@silvertone.Princeton.EDU (NeXT mail)  
>SUBBARAO@PUCC.BITNET			          - Bitnet


-- 
From the Lab of the MaD ScIenTiST:
      
navarra@casbah.acns.nwu.edu
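
The alternative raised in the quoted reply, reading the secret from the invoking user's own tty rather than taking it as an argument, as an added example that is not part of the original post. The function name read_secret_fd and the buffer sizes are assumptions made for illustration; the function turns echo off the way getpass does, and it accepts any descriptor so it can also be fed from a pipe.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
/* read_secret_fd (hypothetical name): read one line from fd into buf (capacity n).
 * If fd is a terminal, echo is switched off for the read and restored afterwards.
 * Returns the length, or -1 on EOF before newline, read error or overlong input. */
ssize_t read_secret_fd(int fd, char *buf, size_t n)
{
    struct termios saved, quiet;
    int is_tty = (tcgetattr(fd, &saved) == 0);  /* fails on pipes and files */
    size_t len = 0;
    int overflow = 0;
    char c = 0;
    ssize_t r;
    if (n == 0) return -1;
    if (is_tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &quiet);
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (len + 1 < n) buf[len++] = c;
        else overflow = 1;                      /* keep draining up to the newline */
    }
    if (is_tty) tcsetattr(fd, TCSAFLUSH, &saved);
    if (r != 1 || overflow) {                   /* EOF, error, or did not fit */
        memset(buf, 0, n);
        return -1;
    }
    buf[len] = '\0';
    return (ssize_t)len;
}

int main(void)
{
    char secret[128];
    int tty = open("/dev/tty", O_RDWR);         /* the caller's controlling terminal */
    if (tty < 0) { perror("/dev/tty"); return 1; }
    if (write(tty, "Secret: ", 8) != 8) { close(tty); return 1; }
    ssize_t len = read_secret_fd(tty, secret, sizeof secret);
    close(tty);
    if (len < 0) { fputs("no secret read\n", stderr); return 1; }
    printf("\nread %zd bytes; the secret never appeared in argv\n", len);
    memset(secret, 0, sizeof secret);
    return 0;
}
```

The program opens its own controlling terminal, so no access to anyone else's terminal is involved, and the secret never enters the argument list that ps prints.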
