Re: ssh-agent and Linux



Harold Weissman <HaroldW22@xxxxxxxxxxx> wrote:
> I frequently run ssh-agent with its socket created at a different
> location than the default one. When one does a ps command, one can see
> where the socket has been created.
>
> Would it be possible to do things in such a way that ps does not
> reveal this information? I seem to remember coming across applications
> that would prevent that from happening - that is, after processing they
> would mangle their command line arguments so that ps would only print out
> a string of x's, or something like that, in their stead.

At least to some extent, this has to do with the OS. As an example,
Solaris will record the first 80 characters of the exec string in the
kernel. The application cannot do anything to itself that will modify
that string in the future. So the original invocation is always visible
with 'ps'.

Presumably if this were a security concern, the application could be
extended to read the socket definition from somewhere other than the
command line (stdin, file with strict permissions, etc.)

--
Darren Dunham ddunham@xxxxxxxx
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
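
The reply's suggestion, as an added example that is not part of the original thread: a Linux-only sketch that compares what ps can read (through /proc/<pid>/cmdline) when a path reaches a process as an argument and when it arrives on stdin. The child program, SOCKET_PATH and the function names are assumptions made for illustration; this is not ssh-agent's own behaviour.

```python
import subprocess
import sys

# Constructed sample value: a hypothetical non-default socket path.
SOCKET_PATH = "/tmp/constructed-example/agent.sock"

# Hypothetical child: takes the path from argv[1] if present, otherwise from
# one line on stdin, reports readiness, then idles until stdin is closed.
CHILD = r"""
import sys
path = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().strip()
sys.stdout.write("ready %d\n" % len(path)); sys.stdout.flush()
sys.stdin.read()
"""

def visible_cmdline(pid):
    """Return the argument vector ps reads on Linux (/proc/<pid>/cmdline)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]

def run_child(path, via_stdin):
    """Start the child, hand it the path, and return what ps would show."""
    argv = [sys.executable, "-c", CHILD] + ([] if via_stdin else [path])
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, text=True)
    try:
        if via_stdin:
            proc.stdin.write(path + "\n")
            proc.stdin.flush()
        proc.stdout.readline()  # wait until the child holds the path
        return visible_cmdline(proc.pid)
    finally:
        proc.stdin.close()      # lets the child exit
        proc.wait()
        proc.stdout.close()

def exposed(path, via_stdin):
    """True if the path appears in any argument visible to ps."""
    return any(path in arg for arg in run_child(path, via_stdin))

if __name__ == "__main__":
    print("passed on argv :", exposed(SOCKET_PATH, via_stdin=False))
    print("passed on stdin:", exposed(SOCKET_PATH, via_stdin=True))
```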