[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP: Environment protection for UNIX



> I wrote:
> > 	main (int argn, char **argv, char **envv)
> > 	{
> > 	    for ( ; *envv ; ++envv) {
> > 	        if (!strncmp(*envv,"PGP",3)) {
> > 	            char *c=*envv;
> > 	            while (*c) *c++=' ';
> > 	        } /* end of if */
> > 	    } /* end of for */
> > 	    system("printenv");
> > 	    sleep(10);
> > 	}
> And I should've enclosed it in #ifdef STUPID ... #endif.  I misread
> the putenv(3) man page and didn't realize that you could just use 
> 
> 	putenv("PGPPATH=");
> 	putenv("PGPPASS=");
> 
> To wipe those variables out of your environment...  They still might
> get caught by a 'ps -eaxuww' but chances are slim.  Is it posible to
> alter your arguments so they're not visible to 'ps -auxww'?

Well, I like this one.  It lets you put little messages in place of argv[0].

#include <stdio.h>

char 	buff[100];
int	esc = 27;

void main(int argc, char *argv[])
{
puts("Enter message.\n");
scanf("%s", buff); 
execl("/nfs/dorado/unsup/bin/ftp", buff, NULL);
}


+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| [email protected] |   But, I was mistaken.      |available|
| [email protected]   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone?  If you don't know, ask me---+