Re: ssh-agent and Linux



Harold Weissman <HaroldW22@xxxxxxxxxxx> wrote:
> I frequently run ssh-agent with its socket created at a different
> location than the default one. When one does a ps command, one can see
> where the socket has been created.
>
> Would it be possible to do things in such a way that ps does not
> reveal this information? I seem to remember coming across applications
> that would prevent that from happening - that is, after processing they
> would mangle their command line arguments so that ps would only print out
> a string of x's, or something like that, in their stead.

At least to some extent, this has to do with the OS. As an example,
Solaris will record the first 80 characters of the exec string in the
kernel. The application cannot do anything to itself that will modify
that string in the future. So the original invocation is always visible
with 'ps'.

Presumably if this were a security concern, the application could be
extended to read the socket definition from somewhere other than the
command line (stdin, file with strict permissions, etc.)

--
Darren Dunham ddunham@xxxxxxxx
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >