[comp.unix.questions] blanking out arguments to daemons

vijay@ddsw1.MCS.COM (Vijay Gurbani) (12/27/90)

Hi Folks:
   I need to hide the command line arguments to a daemon that I am writing.
This daemon logs on to an ORACLE database and runs SQL command scripts. The
command line arguments to it are the database user name and password. You
can obviously see the security leak open (for ORACLE tables) to anybody 
using the "ps -ef" command. 

This is what I have tried so far :

               :
               :
       strcpy(Login, argv[1]);    /* Save the name/password combination  */
       strcpy(Passwd, argv[2]);
       argv[1] = argv[2] = '\0';  /* Erase the arguments on command line */
      
      /** Code for setpgrp() and closing file descriptors is not shown  **/
      /** to conserve space and make the example short and sweet        **/

       switch (fork())  {
          case 0   : break;       /* Child - handle the required task    */
          case -1  : perror("fork");  /* Handle error                    */
                     exit(1);
          default  : exit(0);  /* Parent - die! (UNIX is so bloody :-) ) */
       }
               :    /* Rest of the daemon                                */
               :

The only problem is that on a "ps -ef" the command line arguments still
show. I cannot blank them out. How do I communicate with the external
environment? Does anybody know how to do this? If so, please drop me a line at 
vijay@ddsw1.mcs.com. If there is enough interest, I will post a summary of the 
results. 

FYI : OS - System V R3.2

Thanks in advance...

-vijay
--
Vijay Gurbani       | "I'm not bad...I'm just drawn that way"- Jessica Rabbitt
vijay@ddsw1.mcs.com | "I'm not a bug...I'm just a feature implemented that 
Chicago, IL         |____   way...!!" 
Occupation: ??????????? |   - Robert T. Morris' Internet Worm on its defense


marz@cbnewsm.att.com (martin.zam) (12/29/90)

In article <1990Dec26.195655.14647@ddsw1.MCS.COM>, vijay@ddsw1.MCS.COM (Vijay Gurbani) writes:
> Hi Folks:
>    I need to hide the command line arguments to a daemon that I am writing.
> This daemon logs on to an ORACLE database and runs SQL command scripts. The
> command line arguments to it are the database user name and password. You
> can obviously see the security leak open (for ORACLE tables) to anybody 
> using the "ps -ef" command. 
> 
> The only problem is that on a "ps -ef" the command line arguments still
> show. I cannot blank them out. How do I communicate with the external
> environment? Does anybody know how to do this? If so, please drop me a line at 
> vijay@ddsw1.mcs.com. If there is enough interest, I will post a summary of the 
> results. 
> 
> FYI : OS - System V R3.2
> 

It seems to me that you are attacking the problem from the wrong side.
Shouldn't Oracle provide you a secure method of using their product?
I identified this problem several years ago, and got a fix from Oracle.
They have since come up with some sort of auto login procedure that
no longer requires username/passwd on the command line as an alternative.
It picks up your identity from your login (I think), and logs you into
the database without a password.

Back to the original fix for this problem ...
We got Oracle to provide a patch tape to us for UTS.  It was a .o file
that I linked into sqlplus and sqlforms as a user exit, that overwrote
the username/passwd with blanks in the piece of memory that ps looks at.

Oracle denied that this could be done, and still do as a matter of fact,
but the bottom line is that it does exist, and if you scream loudly
enough, you can get it.  I am just about to enter into this argument
with them again as I have a new machine to get up and running.

						Hope this helps,
						Martin Zam
						(201)564-2554
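
An added example, not part of either post and not Oracle's patch: a sketch of the "overwrite with blanks" approach described above, next to the pointer assignment from the original question. The helper name save_and_scrub is hypothetical, and the example assumes a system where ps reads the argument strings from the process's own memory; where ps shows a copy the kernel saved at exec time, scrubbing has no effect.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example). Copies argv[idx] into dst with a
 * bounds check, then overwrites the original bytes in place with blanks.
 * Returns 0 on success, -1 if the argument is missing or does not fit
 * in dst. An argument that exists is scrubbed either way. */
int save_and_scrub(int argc, char **argv, int idx, char *dst, size_t dstsz)
{
    size_t len, i;
    int rc = 0;

    if (idx <= 0 || idx >= argc || argv[idx] == NULL || dstsz == 0)
        return -1;
    len = strlen(argv[idx]);
    if (len >= dstsz) {
        rc = -1;                /* too long: refuse, but still scrub */
        dst[0] = '\0';
    } else {
        memcpy(dst, argv[idx], len + 1);
    }
    /* Overwrite the characters themselves. Assigning argv[idx] = '\0'
     * only sets this process's pointer to NULL; the string bytes stay
     * in memory. The length is kept so neighbouring argument strings
     * are not disturbed. */
    for (i = 0; i < len; i++)
        ((volatile char *)argv[idx])[i] = ' ';
    return rc;
}

int main(int argc, char **argv)
{
    char login[32], passwd[32];

    if (save_and_scrub(argc, argv, 1, login, sizeof login) != 0 ||
        save_and_scrub(argc, argv, 2, passwd, sizeof passwd) != 0) {
        fprintf(stderr, "usage: %s login password\n", argv[0]);
        return 1;
    }
    /* ... fork, setpgrp and connect using login/passwd ... */
    printf("arguments scrubbed; argv[1] is now \"%s\"\n", argv[1]);
    return 0;
}
```

Even where this works, the arguments are visible from exec until the scrub runs, so the scrub should be the first thing the program does.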