Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

prohibit other user "top" my commands

1 view
Skip to first unread message

ela

unread,
Nov 17, 2009, 8:01:19 PM11/17/09
to
every users can top and therefore know each other running what jobs with
exact parameters and outputs. How to hide one's command from top?


Lew Pitcher

unread,
Nov 17, 2009, 8:03:16 PM11/17/09
to
On November 17, 2009 20:01, in alt.os.linux, ela (e...@yantai.org) wrote:

> every users can top and therefore know each other running what jobs with
> exact parameters and outputs.

Yes? So?

> How to hide one's command from top?

In short, you can't

If you have secret information, you /cannot/ put it into a commandline and
expect it to remain secret. Sorry.

If you want it to remain secret, pass it through an environment variable, or
have the process read it from a file.

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------


Message has been deleted

Jim Diamond

unread,
Nov 17, 2009, 9:26:34 PM11/17/09
to
On 2009-11-17 at 21:03 AST, Lew Pitcher <lpit...@teksavvy.com> wrote:
> On November 17, 2009 20:01, in alt.os.linux, ela (e...@yantai.org) wrote:
>
>> every users can top and therefore know each other running what jobs with
>> exact parameters and outputs.
>
> Yes? So?
>
>> How to hide one's command from top?
>
> In short, you can't
>
> If you have secret information, you /cannot/ put it into a commandline and
> expect it to remain secret. Sorry.

> If you want it to remain secret, pass it through an environment variable,

As it turns out, that isn't true.

Try the ironically-named option 'ewwwww' to ps:

ps ewwwww

Lo and behold, the environment of the command.

Cheers.
Jim

ela

unread,
Nov 17, 2009, 10:08:06 PM11/17/09
to

"Black Dragon" <b...@nomail.invalid> wrote

> Switch to FreeBSD. Such things can be tuned with `sysctl`. Example:
>
> /etc/sysctl.conf
>
> -------------------------------------------------------------------
>
> # $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
> #
> # This file is read when going to multi-user and its contents piped thru
> # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
> #
>
> # Uncomment this to prevent users from seeing information about processes
> that
> # are being run under another UID.
> #security.bsd.see_other_uids=0

This is the best choice, yet centos having the same file under /etc, but no
such feature enabled! >.<


Florian Diesch

unread,
Nov 18, 2009, 6:10:16 AM11/18/09
to
"ela" <e...@yantai.org> writes:

> every users can top and therefore know each other running what jobs with
> exact parameters and outputs. How to hide one's command from top?

AFAIK that can be done with Grsecurity's /proc protection

Florian
--
<http://www.florian-diesch.de/software/shell-scripts/>

Lew Pitcher

unread,
Nov 18, 2009, 9:16:45 AM11/18/09
to
On November 17, 2009 21:26, in alt.os.linux, Jim Diamond
(Jim.D...@nospam.AcadiaU.ca) wrote:

Darn! and another of my attempts at security bites the dust.

I learn something new every day.

Now that I know that some of my scripts are exposed, I'll have to check out
alternatives.

Thanks for the heads-up. :-)

Message has been deleted
0 new messages