On Tue, 16 May 2000, Ethan Benson wrote:
> On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote: > > On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes: > > >On 16-May-2000 [EMAIL PROTECTED] wrote: > > >> How can I hide the commond I am executing so that people can't see > > >> it from ps,or who?For example,if i use mysql by typing mysql -u myname -p > > >> passsword ..people can see my password...So it would be good if I can > > >> hide what i am doing from other user...espcially for some program which > > >> I can specify my password in command line... > > > > > >don't put your password on the commandline. Even if ps does not show it, > > >it > > >will appear in /proc. > > > > So the real question is: how can you manage so that not everything in /proc > > is world-readable (is that?s possible by design)? > > > > that is just the way it is, there is no way to change that in the > standard kernel. i say standard kernel because there is a security > patch which adds several security options to the kernel config, such > as non-executable stack (which does no good) and tighter permissions > on /proc. i think the way it works is instead of those files being > world readable they are mode 440/550 instead of 444/555, and you can > specify the group as a /proc mount option. this way you could allow > all members of the wheel group to see all processes but everyone else > can only see processes they own not any others. > > this proc patch has been proposed to be installed in the standard > kernel but has always been rejected, i am not sure why it may very > well break things. i think that this should be mount option for proc > personally, if you don't need/want it mount proc normally, otherwise > mount it with -o secure,group=wheel or something. > > -- > Ethan Benson > http://www.alaska.net/~erbenson/ > But for example,what if I want to write a shell script which will login to the remote server automatically?e.g..for some cgi...etc...
