Hi!

Some days ago, there was a debate on this list about the visibility of passwords using "ps" if they were given on the command line.

I have just come across this text. While it talks about the process name, the info still applies to command line arguments as well:


| 1.13 How do I change the name of my program (as seen by `ps')?
|
| On BSDish systems, the ps program actually looks into the address
| space of the running process to find the current argv[], and displays
| that. That enables a program to change its `name' simply by modifying
| argv[].
|
| On SysVish systems, the command name and usually the first 80 bytes of
| the parameters are stored in the process' u-area, and so can't be
| directly modified. There may be a system call to change this
| (unlikely), but otherwise the only way is to perform an exec(), or
| write into kernel memory (dangerous, and only possible if running as
| root).
|
| Some systems (notably Solaris) may have two separate versions of ps,
| one in `/usr/bin/ps' with SysV behaviour, and one in `/usr/ucb/ps'
| with BSD behaviour. On these systems, if you change argv[], then the
| BSD version of ps will reflect the change, and the SysV version won't.
|
| Check to see if your system has a function setproctitle().

Quote taken from here:
http://www.erlenstar.demon.co.uk/unix/faq_2.html#SEC22


So the client code that overwrites the password argument will be executed on all systems, but take effect only on some.


Regards,
Jörg

--
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
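
The point made in the message above, as an added example that is not part of the original post and is not MySQL's client code: a program overwrites its password argument and then checks whether the overwrite is actually visible from outside the process. The helper names `scrub_arg` and `cmdline_contains` are hypothetical, and the check assumes a Linux-style `/proc/self/cmdline`, which the quoted FAQ does not cover.

```c
/* Added example (helper names are hypothetical): scrub a secret argv[] entry
 * and check whether the kernel-reported command line still contains it.
 * Assumes Linux /proc/self/cmdline; usage: ./a.out <password> */
#include <stdio.h>
#include <string.h>

/* Overwrite an argument in place, keeping its length. Writing past the
 * original length would run into the following argument or the environment. */
static void scrub_arg(char *arg)
{
    if (arg != NULL)
        memset(arg, 'x', strlen(arg));
}

/* Return 1 if `needle` still appears in this process's command line as the
 * kernel reports it, 0 if not, -1 if /proc/self/cmdline cannot be read
 * (then the result is unknown and the argument must be treated as exposed). */
static int cmdline_contains(const char *needle)
{
    char buf[4096];
    size_t n, len = strlen(needle);
    FILE *f = fopen("/proc/self/cmdline", "rb");

    if (f == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    /* Arguments are NUL-separated, so scan bytes instead of using strstr(). */
    for (size_t i = 0; len > 0 && i + len <= n; i++)
        if (memcmp(buf + i, needle, len) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <password>\n", argv[0]);
        return 2;
    }
    char secret[256];
    snprintf(secret, sizeof secret, "%s", argv[1]);   /* private copy */
    int before = cmdline_contains(secret);
    scrub_arg(argv[1]);
    int after = cmdline_contains(secret);
    printf("visible before scrub: %d, after scrub: %d\n", before, after);
    /* Exit 0 only if the overwrite verifiably took effect on this system. */
    return after == 0 ? 0 : 1;
}
```

Even where the overwrite takes effect, the argument is readable from process start until `scrub_arg` runs.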