Re: How to hide command line passed to my own tool
Re: How to hide command line passed to my own tool
- Subject: Re: How to hide command line passed to my own tool
- From: Mike Smith <email@hidden>
- Date: Wed, 29 Sep 2004 12:28:30 -0700
On Sep 29, 2004, at 12:04 PM, email@hidden wrote:
Message: 7
Date: Wed, 29 Sep 2004 20:35:55 +0200
From: Martin Bestmann <email@hidden>
Subject: How to hide command line passed to my own tool
To: email@hidden
Message-ID: <email@hidden>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Hi,
I'm writing a command line tool. When I call this tool from my app I
like to hide those parameters so that ps or other tools like this can
not see them.
The commandline is, by definition, public information. If you don't
want your tool's
arguments visible, pass them elsewhere.
Some common techniques:
1) Create a file using mkstemp with appropriate permissions, write
arguments into
it and pass the name of the file.
2) Create a file using mkstemp and no permissions, unlink it, write
arguments into it,
seek to zero and pass the descriptor (mark it no close on exec) to the
tool.
3) Create a pipe, pass one end of it to the tool, write the arguments
into the other end.
Each of these techniques is simple, reliable and completely effective.
#1 is secure
against other users, but not against the user that the tool runs as.
#2 and #3 are
secure against anyone that can't trace your processes.
Setproctitle, when implemented, is for informative purposes only; since
it can't be
called until well after the process starts, the arguments can still be
read during
process startup.
= Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden