 How to hide the command line arguments list
Hello,

Does anyone know how to hide the command line argument list from the "ps"
command?

I tried an interesting suggestion from Oracle consisting of padding
argv[0] with 3000 (more or less) '/' chars; it works fine on SCO Unix,
AIX and Digital Unix.

Are there other methods?

Thank you.




 Fri, 31 Jan 2003 03:00:00 GMT   
 How to hide the command line arguments list

   You can't hide it on every OS.  See if whatever it is you're
trying to hide allows sensitive information to be read in from a
file or from standard input rather than be supplied on the command
line.

                              - Chris Costello <ch...@FreeBSD.org>
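The file-based alternative suggested above, as an added example (not code from any poster in this thread): the secret is loaded from a file that only the calling user can access, so it never appears in argv. The function name, return codes and the APP_SECRET_FILE variable are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 on success, -1 on open/read failure, -2 if the file is not a
 * regular file owned by the caller or is accessible to group/others. */
int read_secret_file(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n;
    int fd;

    if (buflen == 0) return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat() the open descriptor so the check and the read see one file */
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO))) { close(fd); return -2; }
    n = read(fd, buf, buflen - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';   /* keep the first line only */
    return 0;
}

int main(void)
{
    /* APP_SECRET_FILE is a hypothetical variable name for this example */
    const char *path = getenv("APP_SECRET_FILE");
    char secret[128];
    int rc = path ? read_secret_file(path, secret, sizeof secret) : -1;

    if (rc != 0) { fprintf(stderr, "cannot load secret (%d)\n", rc); return 1; }
    printf("loaded a %zu-byte secret\n", strlen(secret));
    memset(secret, 0, sizeof secret);   /* best-effort wipe; may be elided */
    return 0;
}
```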



 Fri, 31 Jan 2003 03:00:00 GMT   
 How to hide the command line arguments list
1. restrict access to ps so the people you don't want to see
the command line are unable to run ps.

2. get the source code to ps and modify it so that it edits
the display for "certain" commands.  this is commonly
done by hackers so existing code should be easy to find
and modify.

3. don't write code that puts important or secret data
on the command line in the first place!!
3a. don't buy or use software that requires you to perform #3.

--
Erik van Bronkhorst

If you were a gladiator in olden days, I bet the inefficiency
of how the gladiator fights were organized and scheduled
would just drive you up a wall.

                     -- Deep Thoughts, by Jack Handey



 Fri, 31 Jan 2003 03:00:00 GMT   
 How to hide the command line arguments list
Erik van Bronkhorst <kc6...@subdimension.com> writes:

Sometimes the sources where ps gets its data are not privileged.  For
instance, on Linux, any user can read the command line of any other
process from /proc/pid/cmdline.  And even if ps does get its data from
some magic place that mere mortals can't use (like /dev/kmem), there
may well be other programs installed that do the same thing.
Basically ps may not be the only place to get that data, so hacking it
won't necessarily work.

Also, most commercial systems won't give you the source code to
things like `ps'.

Agreed.

--

Nate Eldredge
neldre...@hmc.edu



 Fri, 31 Jan 2003 03:00:00 GMT   
 How to hide the command line arguments list

Here is a demo that shows how to accomplish the desired results
on Linux.  This may or may not work on any other system.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

#define NEWNAME "No Name Program"

int
main(int argc, char *argv[])
{
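  /* First run: argv[0] is the real path, so re-exec with NEWNAME as argv[0] */
  if (strstr(*argv, NEWNAME) == NULL) {
    execl(*argv, NEWNAME, (char *)NULL);
    perror("foo");   /* reached only if execl() fails */
  }
  while (1) sleep(1);
  return EXIT_SUCCESS;
}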

--
Floyd L. Davidson                          fl...@barrow.com
Ukpeagvik (Barrow, Alaska)



 Fri, 31 Jan 2003 03:00:00 GMT   
 How to hide the command line arguments list
Floyd Davidson <fl...@ptialaska.net> in comp.unix.programmer wrote:

[code snipped]

Try ps -fe.

This question is answered in 1.13.

--
         v  
Ivica Loncar



 Sun, 02 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list

Answered in 1.13 what?  And what does "ps -fe" do that is significant?
The 'f' option causes a threaded output and the 'e' option causes the
environment to be shown.  Neither option has much to do with whether
the command line is displayed.

Hence I'm not sure what your point is.  Can you expand on it a bit?

--
Floyd L. Davidson                          fl...@barrow.com
Ukpeagvik (Barrow, Alaska)



 Sun, 02 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list
On 16 Aug 2000 07:22:46 -0800,
        Floyd Davidson <fl...@ptialaska.net> wrote:

Unix programming FAQ. See for example
http://www.faqs.org/faqs/unix-faq/programmer/faq/

It shows you process stats.

Wrong type of ps. You're talking about BSD style ps. The poster was
talking about later standards for ps.

Martien
--
Martien Verbruggen              |
Interactive Media Division      | If at first you don't succeed, try
Commercial Dynamics Pty. Ltd.   | again. Then quit; there's no use
NSW, Australia                  | being a damn fool about it.



 Tue, 04 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list

Exactly.  And it requires a great deal more information to explain
to someone than just saying "This question is answered in 1.13."
(Which, by the way, it is not.)

No, it doesn't.  My article and the article to which I
responded both referenced Linux in specific, which is the specific
reason that I provided an example of how to accomplish the
requested task on a Linux box.  The OP requested other
techniques, and the FAQ does not address that particular
technique, or Linux, at all.

Later standards???  More like recent.  ;-)

As noted, the article I responded to specifically stated
"Sometimes the sources where ps gets its data are not
privileged.  For instance, on Linux, any user can read the
command line of any other process from /proc/pid/cmdline."

The OP listed three different UNIXes and asked if there were
other methods; hence to say that it was restricted even
originally to a SysV style ps command, is not accurate.

However, I believe you missed what I thought was the obvious
enough point of my response to le...@neuro-tron.hr (Ivica
Loncar), which is that a cryptic response that only makes sense
if you already know the answer is nonsense and does not help the
person asking a question.

  Floyd

--
Floyd L. Davidson                          fl...@barrow.com
Ukpeagvik (Barrow, Alaska)



 Tue, 04 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list
Floyd Davidson <fl...@ptialaska.net> in comp.unix.programmer wrote:

[and I stopped]

comp.unix.programmer FAQ

I apologize for the accidental posting. The simple explanation is: it was my
mistake, and I thought I had deleted it. I haven't read this group in the last
few days, so I had no idea it was sent. Sorry, again.

Btw. If we are talking about linux procps version 2.0.6 ps, '-f' produces
full output and '-e' selects all processes. '-fe' is equivalent to '-f
-e' not 'f e'. On 4th Berkeley Distribution '-e' shows environment and
'-f' shows commandline and environment of swapped out processes.

On linux I could also write:

  /* linux: overwrite every argument in place (fragment from main) */
  int i;
  size_t j, siz;

  for (i = 1; i < argc; ++i) {
    siz = strlen(argv[i]);
    for (j = 0; j < siz; ++j)
      argv[i][j] = '*';
  }

I think this is easier to use than re-exec.

--
         v  
Ivica Loncar



 Thu, 06 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list

Ah, that makes sense!  (I couldn't figure out why anyone who
knew how to reference the FAQ would intentionally give an
incomplete reference to the point of being unusable.  The
simple answer is it wasn't intentional!)

One is the old SysV option set and the other is the old BSD option set.

It does obscure the command line, but it doesn't replace it with
anything useful either.  Plus, if hiding it is the intent, then
putting a '*' in place of each character is probably not a good
idea.  Why not just strcpy "*" to argv[0] and "" to all of the
others?  Otherwise someone still knows how many args and how
many characters in each, which might be more information than
one wants to give away.

However, the code I posted previously allows _any_ desired
command line to replace the original one, which is a more
general solution (though not always needed either).

--
Floyd L. Davidson                          fl...@barrow.com
Ukpeagvik (Barrow, Alaska)



 Thu, 06 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list

   This won't work on every operating system.  I've said it
before--there _is_ no way you can reliably change the process
name.  Some systems supply a setproctitle(), some systems let you
modify the argument vector, but if you need to hide something
from the command line don't put it on the command line.  For
Oracle I've heard of a way to specify a password file.  Most
anything that requires you to specify a password (or any other
security-related information) on a command line is poorly written
and should be dragged out to the street and shot.

                              - Chris Costello <ch...@FreeBSD.org>



 Thu, 06 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list
Floyd Davidson <fl...@ptialaska.net> in comp.unix.programmer wrote:

Yes, but if I were to use your code I would need some way to distinguish
command line parameters and recover them later (I suppose that the program
we're talking about is some kind of a daemon). I don't see how I can do
it with your code (actually I do, but it's a lot more complicated than
something similar to my code).

Anyway, hiding cmd line args is not the solution. IMO if you use it
you're just asking for trouble (people are curious little animals).
Still, it can be used to announce current state of your program.

--
         v  
Ivica Loncar



 Thu, 06 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list
Chris Costello <ch...@FreeBSD.org> in comp.unix.programmer wrote:

I realize that and I agree.

--
         v  
Ivica Loncar



 Thu, 06 Feb 2003 03:00:00 GMT   
 How to hide the command line arguments list

It can't correctly be done by only writing to the argv strings,
which might be either arbitrarily small or non-existent.  A new
argv array has to be generated to guarantee sufficient space for
the desired command line string.  That can only be done by
exec'ing a new process because while the ISO/ANSI C Standard
says the strings are writable, modifying argv or its contents is
not allowed; hence you cannot simply malloc new space for the
strings.

It is certainly not a *portable* solution.  It is, however, a
functional Linux solution.  The OP asked for a list of different
system specific ways to accomplish it, and that is one.  Clearly
it works very well on Linux and could be recommended for any
program which is otherwise inherently non-portable.  (With one
caveat:  It does not hide the original process name from
argv[0], only the arguments.)

Below is a program to demonstrate.  It should give anyone a
serious dose of the creeps to see "ps ax" output while this demo
is running.  It will print the original command line arguments
to the screen every 10 seconds, but they cannot be found using
ps or by looking in /proc.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#define NEWNAME "sendmail D...@crackerzden.com < /etc/shadow"
int main(int argc, char *argv[])
{
  char **av;
  int  i;

  /* argc pointers plus one for the terminating NULL */
  if (!( av = malloc(sizeof(char *) * (argc + 1)))) return 0;
  if (!(av[0] = malloc(strlen(NEWNAME) + 1))) return 0;
  strcpy(av[0], NEWNAME);
  /* keep private copies of the real arguments */
  for (i = 1; argc > i; ++i) {
    if (!(av[i] = malloc(strlen(argv[i])+1))) return 0;
    strcpy(av[i], argv[i]);
  }
  av[argc] = NULL;

  /* first run only: re-exec with NEWNAME as argv[0] */
  if (!strstr(*argv, *av)) {
    execv(*argv, av); perror("foo");
  }

  /* after the re-exec: zero-fill the argument strings in place */
  while (--argc)
    for (i = strlen(argv[argc]); i; --i) argv[argc][i-1] = 0;

  while (1) {
    if (av[1] && av[1][0]) {
      printf("\nCommand line arguments: ");
      for (i = 1; av[i]; ++i) printf("%s ", av[i]);
      putchar('\n');
    }
    sleep(10);
  }
  return 0;
}

--
Floyd L. Davidson                          fl...@barrow.com
Ukpeagvik (Barrow, Alaska)
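As an added example (not code from any poster in this thread), a triage check for the two Linux tricks shown in the demos above: it compares argv[0] from /proc/<pid>/cmdline with the /proc/<pid>/exe link and flags argument slots that are empty, as they are after a zero-fill. The function names and flag values are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define ARGV0_MISMATCH 1  /* argv[0] does not name the running executable */
#define ARGS_BLANKED   2  /* an argument slot after argv[0] is empty */

/* exe: link target of /proc/<pid>/exe.  cmdline/len: raw bytes of
 * /proc/<pid>/cmdline, where arguments are separated by NUL bytes. */
int cmdline_anomalies(const char *exe, const char *cmdline, size_t len)
{
    const char *slash = strrchr(exe, '/'), *ebase = slash ? slash + 1 : exe;
    const char *name = cmdline;
    size_t i, off, n = 0;
    int flags = 0;
    if (len == 0) return 0;              /* kernel thread: no command line */
    while (n < len && cmdline[n]) n++;   /* n = length of argv[0] */
    for (i = 0; i < n; i++)              /* find the basename of argv[0] */
        if (cmdline[i] == '/') name = cmdline + i + 1;
    if (name < cmdline + n && *name == '-') name++;  /* login shell "-bash" */
    i = (size_t)(cmdline + n - name);
    if (strlen(ebase) != i || memcmp(name, ebase, i)) flags |= ARGV0_MISMATCH;
    for (off = n + 1; off < len; off += n + 1) {
        for (n = 0; off + n < len && cmdline[off + n]; n++) ;
        if (n == 0) flags |= ARGS_BLANKED;  /* e.g. argument zero-filled */
    }
    return flags;
}

int scan_pid(long pid)   /* returns -1 if /proc/<pid> cannot be read */
{
    char path[64], exe[4096], buf[4096];
    FILE *fp; ssize_t el; size_t len;
    snprintf(path, sizeof path, "/proc/%ld/exe", pid);
    if ((el = readlink(path, exe, sizeof exe - 1)) < 0) return -1;
    exe[el] = '\0';
    snprintf(path, sizeof path, "/proc/%ld/cmdline", pid);
    if ((fp = fopen(path, "rb")) == NULL) return -1;
    len = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return cmdline_anomalies(exe, buf, len);
}

int main(int argc, char **argv)
{
    long pid = argc > 1 ? atol(argv[1]) : (long)getpid();
    return printf("pid %ld: flags=%d\n", pid, scan_pid(pid)) < 0;
}
```

Symlinked binaries and programs that retitle themselves legitimately (with setproctitle(), for instance) also trip ARGV0_MISMATCH, so a hit is a reason to look closer, not a verdict.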


