Re: How best to hide command-line arguments from ps command?

You can use the term echo off like they posted above or you can have a command line argument for a password file. the password file just contains a plain text password. You can then enter the password in the file and chmod it so that you are the only one that can read it. This allows non-interactive use of the script while still being flexible (ie not hardcoding a db password in the script). If permissions are set correctly on the file only you and root would be able to read it. If you are worried about root reading it you should go somewhere else and run your program because root can do and see anything.

-Waswas

Comment on Re: How best to hide command-line arguments from ps command?

Replies are listed 'Best First'.
Re: Re: How best to hide command-line arguments from ps command? by sauoq (Abbot) on Nov 18, 2003 at 23:36 UTC
You can then enter the password in the file and chmod it so that you are the only one that can read it. If you were to do something like this, you shouldn't chmod the file after creating it, but rather use a restrictive umask right off the bat. Otherwise, the file will be temporarily readable. This race condition would be almost impossible to exploit, but it should be avoided anyway. -sauoq "My two cents aren't worth a dime.";	[reply]
Re: Re: How best to hide command-line arguments from ps command? by jordanh (Chaplain) on Nov 19, 2003 at 00:45 UTC
I do something like this, but as an extra step I have the program check the permissions on the file and refuse to use it if it's readable by anyone but the owner. It's too easy to negligently not set the correct permissions or change them incorrectly at some later point and having the program fail, with a message, helps to protect you here.	[reply]