in reply to Re: Re: Re: Re: How best to hide command-line arguments from ps command?
in thread How best to hide command-line arguments from ps command?

Even when not run as root and the process belongs to another user.

The /usr/ucb/ps command is SetUID root, as you suggest (well, it's a wrapper for a SetUID program). In traditional Unix, ps was always SetUID root, as it read process structures directly from kernel memory. It's only in more modern Unices with /proc that it doesn't need to be, but for some reason on Solaris it still is.

To be fair, /usr/ucb/ps is a SunOS 4 compatibility-mode program, and doesn't have to be installed. I couldn't find a way to look at a process's environment with the /bin/ps, but regardless it's not safe to assume nobody else can look at your environment.

Re: Re: Re: Re: Re: Re: How best to hide command-line arguments from ps command?
by etcshadow (Priest) on Nov 19, 2003 at 05:22 UTC
    Heh... setuid craziness. That's kind of scary.

    Here's a nice super-quick audit that you might want to run:

    find `perl -e 'print join(" ",split/:/,$ENV{PATH})'` -type f -perm -4000 -uid 0 2>/dev/null

    Of course, in order to be a complete audit, though, you'd have to iterate over /, instead of just over $PATH.


    ------------
    :Wq
    Not an editor command: Wq
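
The audit from the reply above, written as a portable sh function; this is an added example, not code from either poster. The name `suid_audit` and its two arguments are assumptions of the example, and it generalizes the one-liner slightly: the owner is a parameter, and any colon-separated directory list can be passed, not only `$PATH`.

```shell
#!/bin/sh
# Added example (not from the thread): list set-UID regular files owned by a
# given user under every directory of a colon-separated search path.
#
# suid_audit OWNER PATHLIST   (hypothetical helper name)
#   OWNER    - user name or numeric uid, handed to find's -user
#   PATHLIST - colon-separated directories, same format as $PATH
#
# The body runs in a subshell "( ... )", so the IFS and globbing changes
# below never leak into the caller's shell.
suid_audit() (
    owner=$1
    IFS=:            # split on ':' only, so "dir with spaces" stays one entry
    set -f           # no filename expansion while the list is split
    set -- $2
    for dir in "$@"; do
        # An empty PATH entry means the current directory.
        [ -n "$dir" ] || dir=.
        # Stale PATH entries are common; skip what does not exist.
        [ -d "$dir" ] || continue
        # -H         follow the start point if it is a symlink (/bin -> usr/bin)
        # -perm -4000 set-UID bit is set, whatever the other mode bits are
        # -user      POSIX spelling; -uid in the one-liner is a GNU extension
        # Unreadable subdirectories are skipped rather than aborting the audit.
        find -H "$dir" -type f -perm -4000 -user "$owner" -print 2>/dev/null || true
    done
)

# Typical calls:
#   suid_audit root "$PATH"    # what the one-liner in the reply checks
#   suid_audit root /          # the complete audit the reply mentions
```

Diffing the output against a saved baseline after each patch or package install shows which set-UID root programs are new.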