site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Message: 7 Date: Wed, 29 Sep 2004 20:35:55 +0200 From: Martin Bestmann <martin@no.netopia.com> Subject: How to hide command line passed to my own tool To: darwin-dev@lists.apple.com Message-ID: <6609B010-1246-11D9-8254-000393D77230@no.netopia.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Hi, I'm writing a command line tool. When I call this tool from my app I like to hide those parameters so that ps or other tools like this can not see them. Some common techniques: = Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Sep 29, 2004, at 12:04 PM, darwin-dev-request@lists.apple.com wrote: The commandline is, by definition, public information. If you don't want your tool's arguments visible, pass them elsewhere. 1) Create a file using mkstemp with appropriate permissions, write arguments into it and pass the name of the file. 2) Create a file using mkstemp and no permissions, unlink it, write arguments into it, seek to zero and pass the descriptor (mark it no close on exec) to the tool. 3) Create a pipe, pass one end of it to the tool, write the arguments into the other end. Each of these techniques is simple, reliable and completely effective. #1 is secure against other users, but not against the user that the tool runs as. #2 and #3 are secure against anyone that can't trace your processes. Setproctitle, when implemented, is for informative purposes only; since it can't be called until well after the process starts, the arguments can still be read during process startup. This email sent to site_archiver@lists.apple.com