On Thu, Mar 20, 2008 at 07:25:19PM +0200, Shachar Shemesh wrote: > Valery Reznic wrote: > > >--------> Below is important part > ><------------------------ > > If the header of a file isn?t recognized > >(the attempted execve(2) > > returned ENOEXEC), these functions will > >execute the shell (/bin/sh) > > with the path of the file as its first > >argument. (If this attempt > > fails, no further searching is done.) > > > Yes, I do believe you nailed it. > > After Matan's email I tried running the set with strace, and realized it > was, indeed, a user space thing. As I need that for a (user space) > program that intercepts the actual kernel calls (and sometimes emulates > them), I will assume that the governing rule is that a program can have > just one shell script in its interpreter path. > > And now to a slightly related subject - does anyone know how I can > change the command line that appears in "ps" for a program after it has > been run? I know it should be possible, because I vaguely remember > programs that receive sensitive information in command line and try to > immediately hide it, but merely writing to the argv addresses did not > bring the desired results, and /proc/self/cmdline seems to be read only.
I happenned to stumble on this question recently. prctl(2) has PR_SET_NAME. An even simpler solution, that may work on non-Linux too and may be good enough, is softlink. -- Dan Kenigsberg http://www.cs.technion.ac.il/~danken ICQ 162180901 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
