That’s it. I have a program that starts up with an unencrypted password (don’t look at me like that - I didn’t write it) as a command line parameter. This means it is visible to anyone who can run ps on the box.
Does anyone know a way of hiding or obscuring a command line from ps in Linux?
I don’t think you can prevent ps from seeing it, but I do believe you can write over argv[n] with the same number of characters (or spaces). It would then be hidden, except for the few milliseconds between startup, and the obscuring code being run.
No idea if writing over argv[n] changes what ps sees. Try it and see.
Replace ps with a shell script that filters the output of ps-moved (e.g., ps-moved | grep -v process-they-shouldn't-see), and use your sudoers file to restrict direct calling of the actual /bin/ps-moved.
alterego, I’m not in control of the box so I don’t think that’s an option.
Bewildebeest, that sounds interesting, I’ll give it a try tomorrow (it’s past going home time here). I wonder tho’ that what matters is what Linux saw as the command line when the program was initiated so overwriting argv[1] won’t hide that.
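The argv overwrite suggested above, as an added example (not code from any poster in this thread). It assumes you can change the program's main() and that the option is spelled --password=VALUE as in the thread; take_password and cmdline_contains are names made up here. On Linux, ps reads /proc/<pid>/cmdline, which the kernel fills from the process's own argument memory, so the overwrite does change what ps shows, but the value is still exposed from exec until the memset runs.

```c
/* Added example, Linux-specific; not code from the thread. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PW_OPT "--password="   /* option spelling from the thread's example */

/* Copy the value of --password=VALUE to the heap, then overwrite it in place
 * with 'x' (same length). Returns the copy (caller frees) or NULL if absent. */
char *take_password(int argc, char **argv)
{
    size_t optlen = strlen(PW_OPT);
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], PW_OPT, optlen) != 0)
            continue;
        char *value = argv[i] + optlen;
        size_t len = strlen(value);
        char *copy = malloc(len + 1);
        if (copy != NULL)
            memcpy(copy, value, len + 1);
        memset(value, 'x', len);   /* scrub even if the copy failed */
        return copy;
    }
    return NULL;
}

/* 1 if needle is in /proc/self/cmdline, 0 if not, -1 if it cannot be read. */
int cmdline_contains(const char *needle)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    for (size_t i = 0; i < n; i++)   /* arguments are NUL-separated */
        if (buf[i] == '\0')
            buf[i] = ' ';
    buf[n] = '\0';
    return strstr(buf, needle) != NULL;
}

int main(int argc, char **argv)
{
    char *pw = take_password(argc, argv);
    if (pw == NULL)
        return 2;                    /* no --password=VALUE given */
    printf("password still in cmdline: %d\n", cmdline_contains(pw));
    free(pw);
    return 0;
}
```

Run it as ./a.out --password=VALUE and check ps from another terminal while it is alive to compare with the printed result.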
Ahh I get it. Well that’s easy, then.
Create a shell script, myScript, that outputs your password
Put ~/bin at the front of your PATH and put myScript in that directory
Change the permissions of myScript such that only you can read/execute
Invoke your program with, e.g.,
./program --password=myScript