blanking out arguments to daemons
martin.zam
marz at cbnewsm.att.com
Sat Dec 29 07:40:21 AEST 1990
In article <1990Dec26.195655.14647 at ddsw1.MCS.COM>, vijay at ddsw1.MCS.COM (Vijay Gurbani) writes:
> Hi Folks:
> I need to hide the command line arguments to a daemon that I am writing.
> This daemon logs on to an ORACLE database and runs SQL command scripts. The
> command line arguments to it are the database user name and password. You
> can obviously see the security leak open (for ORACLE tables) to anybody
> using the "ps -ef" command.
>
> The only problem is that on a "ps -ef" the command line arguments still
> show. I cannot blank them out. How do I communicate with the external envi-
> ronment? Does anybody know how to do this? If so, please drop me a line at
> vijay at ddsw1.mcs.com. If there is enough interest, I will post a summary of the
> results.
>
> FYI : OS - System V R3.2
>
It seems to me that you are attacking the problem from the wrong side.
Shouldn't Oracle provide you a secure method of using their product?
I identified this problem several years ago, and got a fix from Oracle.
They have since come up with some sort of auto login procedure that
no longer requires username/passwd on the command line as an alternative.
It picks up your identity from your login (I think), and logs you into
the database without a password.
Back to the original fix for this problem ...
We got Oracle to provide a patch tape to us for UTS. It was a .o file
that I linked into sqlplus and sqlforms as a user exit, that overwrote
the username/passwd with blanks in the piece of memory that ps looks at.
Oracle denied that this could be done, and still do as a matter of fact,
but the bottom line is that it does exist, and if you scream loudly
enough, you can get it. I am just about to enter into this argument
with them again as I have a new machine to get up and running.
Hope this helps,
Martin Zam
(201)564-2554
More information about the Comp.unix.questions
mailing list