On Thu, May 18, 2000 at 12:57:18AM +0800, [EMAIL PROTECTED] wrote > > > On Tue, 16 May 2000, Ethan Benson wrote: > > > On Tue, May 16, 2000 at 09:29:55PM +0200, Robert Waldner wrote: > > > On Tue, 16 May 2000 11:56:07 PDT, "Sean 'Shaleh' Perry" writes: > > > >On 16-May-2000 [EMAIL PROTECTED] wrote: > > > >> How can I hide the commond I am executing so that people can't see > > > >> it from ps,or who?For example,if i use mysql by typing mysql -u myname > > > >> -p > > > >> passsword ..people can see my password...So it would be good if I can > > > >> hide what i am doing from other user...espcially for some program > > > >> which > > > >> I can specify my password in command line... > > > > > > > >don't put your password on the commandline. Even if ps does not show > > > >it, it > > > >will appear in /proc. > > > > > > So the real question is: how can you manage so that not everything in > > > /proc > > > is world-readable (is that´s possible by design)? > > > > > > > that is just the way it is, there is no way to change that in the > > standard kernel. i say standard kernel because there is a security > > patch which adds several security options to the kernel config, such > > as non-executable stack (which does no good) and tighter permissions > > on /proc. i think the way it works is instead of those files being > > world readable they are mode 440/550 instead of 444/555, and you can > > specify the group as a /proc mount option. this way you could allow > > all members of the wheel group to see all processes but everyone else > > can only see processes they own not any others. > > > > this proc patch has been proposed to be installed in the standard > > kernel but has always been rejected, i am not sure why it may very > > well break things. i think that this should be mount option for proc > > personally, if you don't need/want it mount proc normally, otherwise > > mount it with -o secure,group=wheel or something. > > > > -- > > Ethan Benson > > http://www.alaska.net/~erbenson/ > > > But for example,what if I want to write a shell script which will login > to the remote server automatically?e.g..for some cgi...etc... >
Use SSH with RSAA authentication. No passwords, no packet sniffing, no problems :) John P. -- [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.mdt.net.au/~john Debian Linux admin & support:technical services
