Return to BSD News archive
Xref: sserve comp.os.386bsd.misc:643 alt.security.pgp:1300 Path: sserve!newshost.anu.edu.au!munnari.oz.au!network.ucsd.edu!news.cerf.net!pagesat!decwrl!uunet!Germany.EU.net!mcsun!news.eunet.fi!funic!nntp.hut.fi!nntp.hut.fi!tri From: tri@snakemail.hut.fi (Timo Rinne) Newsgroups: comp.os.386bsd.misc,alt.security.pgp Subject: PGP-2.3a hide command line arguments Date: 30 Jul 93 04:36:10 GMT Organization: Helsinki University of Technology Lines: 109 Distribution: inet Message-ID: <TRI.93Jul30063610@beta.hut.fi> Reply-To: Timo.Rinne@hut.fi NNTP-Posting-Host: beta.hut.fi -----BEGIN PGP SIGNED MESSAGE----- I hacked a patch for pgp version 2.3a to hide it's command line arguments so that they can not be seen from ps(1) output. It seems to work ok in 386bsd. I haven't tested it on other systems but it should work on BSD 4.3 systems that are _NOT_ based on MACH. Install this patch with `patch -p < filename'. - -- I Timo Rinne I Cirion oy I Working computer hardware is a lot I I Timo.Rinne@hut.fi I PL 250 I like an erect penis: It stays up I I tri@cirion.fi I 00120 HELSINKI I as long as you don't fuck with it. I Hi! I am a .signature virus. Copy me into your .signature to join in! *** PGP 2.3 public key available *** >>>>>>>>>>>>>>>>>> C U T H E R E >>>>>>>>>>>>>>>>>> *** pgp.c.orig Sat Jul 3 02:22:22 1993 - --- pgp.c Fri Jul 30 06:21:02 1993 *************** *** 327,332 **** - --- 327,388 ---- #endif /* TEMP_VERSION */ + #if defined(__386BSD__) + /* + ** Command line argument hiding in 386bsd. This should work on other + ** BSD 4.3 systems, except on those based on MACH. This kludge is + ** written by Timo Rinne <tri@cirion.fi> July 1993. I hope you find + ** this one makes you feel a little bit ($0.05) more secure. + ** Macro INIT_PROC_TITLE is to be called first thing in the main function. + ** arguments argv and argc shoud be passed to main. This section is part + ** of the main program module and should be before main function. + */ + #define INIT_PROC_TITLE() ((Argv = argv), \ + (LastArgv = argv[argc-1] + strlen(argv[argc-1])), \ + (argv = DuplicateArgv(argc, argv)), \ + (SetProcTitle(""))) + /* + ** Idea of function setproctitle is from sendmail 5.64. + */ + static char **Argv = NULL; /* pointer to argument vector */ + static char *LastArgv = NULL; /* mpinter to the end of argument space. */ + static SetProcTitle(char *str) + { + char *p; + int i; + char buf[256]; + strncpy(buf, str, 255); + buf[255] = '\000'; + p = Argv[0]; + *p++ = '-'; + i = strlen(buf); + if (i > LastArgv - p - 2) { + i = LastArgv - p - 2; + buf[i] = '\0'; + } + (void)strcpy(p, buf); + p += i; + while (p < LastArgv) + *p++ = ' '; + } + /* + ** This function duplicates argv vector. Function xmalloc is part of + ** the pgp package and it is simply malloc that returns only if memory + ** allocation is succesfull. Unsuccesful xalloc aborts program. + */ + static char **DuplicateArgv(int argc, char **argv) + { + char **nargv; + int i; + nargv = (char **)xmalloc((argc + 1) * sizeof(char *)); + nargv[argc] = NULL; + for(i = 0; (argv && (i < argc) && (argv[i])); i++) { + nargv[i] = (char *)xmalloc((strlen(argv[i]) + 1) * sizeof(char)); + strcpy(nargv[i], argv[i]); + } + return nargv; + } + #endif /* defined(__386BSD__) */ /* -f means act as a unix-style filter */ /* -i means internalize extended file attribute information, only supported *************** *** 410,415 **** - --- 466,474 ---- #ifdef DEBUG1 verbose = TRUE; #endif + #if defined(__386BSD__) + INIT_PROC_TITLE(); + #endif /* defined(__386BSD__) */ /* The various places one can get passwords from. * We accumulate them all into two lists. One is * to try on keys only, and is stored in no particular >>>>>>>>>>>>>>>>>> C U T H E R E >>>>>>>>>>>>>>>>>> -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLFiWkd023rbQXPl5AQEJwQQA7u4QoMYG164T+2Q8vSqLfrN7mOtaCnxq rZEiuwPmj/npbOxadWIvEZOuckB/7Bhf1G02te8RyNcWBYy2Z0VNcs3p2Rh1fjLP tXm/5jCQkdLMysqVPitJoc3Ot3agiUETC1kDtZsuUfL41v8RHS1ZQnJU+ag3V8FR rt+JPcHY1wk= =uken -----END PGP SIGNATURE-----