Linux, politics, and other interesting things
A post by Scott James Remnant describes how to hide command-line options from PS output. It’s handy to know that but that post made one significant implication that I strongly disagree with. It said about command-line parameters “perhaps they contain sensitive information“. If the parameters contain sensitive information then merely hiding them after the fact is not what you want to do as it exposes a race condition!
One option is for the process to receive it’s sensitive data via a pipe (either piped from another process or from a named pipe that has restrictive permissions). Another option is to use SE Linux to control which processes may see the command-line options for the program in question.
In any case removing the data shortly after hostile parties have had a chance to see it is not the solution.
Apart from that it’s a great post by Scott.