> > On Thursday 30 Oct 2003 5:11 pm, Yannick Warnier wrote:
> > > On Thu 30/10/2003 at 17:56, Gary Stainburn wrote:
> > > > You can write $0 as well as reading it, which will change what
> > > > appears when you run ps etc.
> > > >
> > > > This can be useful for security reasons such as hiding sensitive
> > > > data passed on the command line, and also for returning status
> > > > information for daemons.
> > >
> > > How? Could you explain that for me?
> > >
> > > Thanks,
> > > Yannick
> >
> > security
> >
> > if you have the script:
> >
> > mylogon -u username -p password
> >
> > and someone (doesn't have to be root) runs
> >
> > ps ax
> >
> > they will see the command line that started the process, including
> > your username and password.
> >
> > by having the command
> >
> > $0='mylogon -u xxxx -p xxxx';
> >
> > near the top of your script the data is hidden from prying eyes.

Except it may be recorded in a .history file or something similar also.
So if they can do ps and see the xxx version then they can probably see
any .files that keep your command typing history. Just another 2 cents
about why security through obscurity is not good.

> This should *NOT* be used for security purposes. It is very instance
> and system dependent, from perldoc perlvar:
>
>     $0      Contains the name of the program being executed.  On some
>             operating systems assigning to $0 modifies the argument
>             area that the ps program sees.  This is more useful as a
>             way of indicating the current program state than it is for
>             hiding the program you're running.  (Mnemonic: same as sh
>             and ksh.)
>
>             Note for BSD users: setting $0 does not completely remove
>             "perl" from the ps(1) output.  For example, setting $0 to
>             "foobar" will result in "perl: foobar (perl)".  This is an
>             operating system feature.
>
> Security through obscurity bad.....
>
> http://danconia.org

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
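
An added example, not part of the original thread: a hypothetical `mylogon` that never accepts the password on the command line, so neither `ps` nor a shell history file has anything to record. The `--password-file` option and both helper subs are assumptions made for illustration; only core Perl modules are used.

```perl
#!/usr/bin/perl
# Added example: a hypothetical mylogon that keeps the password out of argv.
use strict;
use warnings;
use Getopt::Long;
use POSIX qw(:termios_h);

my $usage = "usage: mylogon -u username [--password-file FILE]\n";
my ($user, $pwfile);
# There is deliberately no -p option: passing one is rejected as unknown.
GetOptions('u=s' => \$user, 'password-file=s' => \$pwfile) or die $usage;
die $usage unless defined $user;

my $password = defined $pwfile ? read_password_file($pwfile) : prompt_password();
die "empty password\n" unless length $password;

# Use $0 as perlvar suggests: to show program state, not to hide anything.
$0 = "mylogon: authenticating $user";

sub read_password_file {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @st = stat $fh or die "cannot stat $path: $!\n";
    # Refuse files owned by someone else or accessible to group/other.
    die "$path: must be owned by you\n" unless $st[4] == $<;
    die sprintf("%s: mode %04o is too open, use 0600\n", $path, $st[2] & 07777)
        if $st[2] & 077;
    my $line = <$fh>;
    die "$path is empty\n" unless defined $line;
    chomp $line;
    return $line;
}

sub prompt_password {
    die "stdin is not a terminal; use --password-file\n" unless -t STDIN;
    my $fd   = fileno STDIN;
    my $term = POSIX::Termios->new;
    $term->getattr($fd);
    my $saved = $term->getlflag;
    $term->setlflag($saved & ~ECHO);    # turn terminal echo off
    $term->setattr($fd, TCSANOW);
    print STDERR "Password: ";
    my $line = <STDIN>;
    $term->setlflag($saved);            # restore the previous echo setting
    $term->setattr($fd, TCSANOW);
    print STDERR "\n";
    die "no password entered\n" unless defined $line;
    chomp $line;
    return $line;
}
```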