home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.security.misc
- Path: sparky!uunet!usc!elroy.jpl.nasa.gov!lambda.msfc.nasa.gov!news
- From: palmer@Trade_Zone.msfc.nasa.gov (Paul (Cliffy) Palmer)
- Subject: Re: Hiding Unix processes?
- Message-ID: <1992Dec14.205108.15193@lambda.msfc.nasa.gov>
- Sender: news@lambda.msfc.nasa.gov (Newsmaster)
- Nntp-Posting-Host: isabella.msfc.nasa.gov
- Reply-To: palmer@Trade_Zone.msfc.nasa.gov
- Organization: New Technology, Inc.
- References: <1992Dec14.182651.13894@cc.ic.ac.uk>
- Date: Mon, 14 Dec 1992 20:51:08 GMT
- Lines: 31
-
-
- >In article <1g42e5INNoac@darkstar.UCSC.EDU>, speth@cats.ucsc.edu (James Gustave) writes:
- >
- > Is there a way to mask all of your running processes, similar to what the
- > execl command can do for a single process? I don't really like having
- > everyone be able to see what I'm doing all the time.
- > I'm running SunOS Release 4.1.1, and I don't have root privs.
-
- As a normal user, I have never run across a mechanism to do this in a
- fool proof manner.
-
- However, on hosts where it was necessary to segregate users, I have
- removed the setuid bit from the ps (and pstat) programs, moved them
- aside and placed wrappers in their place. These setuid wrappers would
- inspect their arguments and make sure they did not include any requests
- to see other user's processes. Valid requests were then processed by
- invoking the original ps or pstat program.
-
- This solution is simple, but less than ideal because some requests are
- difficult to verify (requests for processes by process-id or
- controlling terminal.) The best solution was to modify the ps source
- code to perform the appropriate checking.
-
- In summary, if you have the assistance of your system administrator,
- you have a couple of options. If not, I would be interested in hearing
- anything that you come up with.
-
- ----
-
- Paul (Cliffy) Palmer
-
-
