cannot hide command name from ps -e

cannot hide command name from ps -e

[Han Pingtian]

Hi,

"jobs -Z somestring" does hide command name when being checked by "ps
aux", but it doesn't when being checked by "ps -e". And looks like if
want to deceive "ps -e", we can use prctl() on linux.

I tested this on Fedora 20 with 3.16 kernel. "jobs -Z somestring" will
change /proc/$$/cmdline, and prctl() will change /proc/$$/comm.

Re: cannot hide command name from ps -e

[Bart Schaefer]

On Oct 13,  4:29pm, Han Pingtian wrote:
}
} "jobs -Z somestring" does hide command name when being checked by "ps
} aux", but it doesn't when being checked by "ps -e". And looks like if
} want to deceive "ps -e", we can use prctl() on linux.

There's your previous potential patch here:

http://www.zsh.org/mla/workers//2012/msg00708.html

It may not apply cleanly any longer.

The discussion following that patch seemed to indicate that prctl() also
did not hide the command line in all cases.

Maybe the right thing is to use all possible such mechanisms at the same
time, rather than attempt to choose just one at configure time.

Re: cannot hide command name from ps -e

[Han Pingtian]

On Mon, Oct 13, 2014 at 10:27:31AM -0700, Bart Schaefer wrote:
> 
> Maybe the right thing is to use all possible such mechanisms at the same
> time, rather than attempt to choose just one at configure time.
Thanks. I'll try to figure out a patch.

[PATCH] Re: cannot hide command name from ps -e

[Han Pingtian]

On Tue, Oct 14, 2014 at 02:27:10PM +0800, Han Pingtian wrote:
> On Mon, Oct 13, 2014 at 10:27:31AM -0700, Bart Schaefer wrote:
> > 
> > Maybe the right thing is to use all possible such mechanisms at the same
> > time, rather than attempt to choose just one at configure time.
> Thanks. I'll try to figure out a patch.
I have figured out a patch, it works fine on Fedora 20. Please review.
Thanks!


>From c2385d70b06cfc70fa523c1406c01bb6379fa7cb Mon Sep 17 00:00:00 2001
From: Han Pingtian <hanpt@linux.vnet.ibm.com>
Date: Tue, 14 Oct 2014 15:31:28 +0800
Subject: [PATCH] 33457: hide command name when checking with "ps -e"
Status: RO
Content-Length: 1324
Lines: 46

"ps -e" on linux will check /proc/$$/comm, which can be changed by
calling prctl().

Signed-off-by: Han Pingtian <hanpt@linux.vnet.ibm.com>
---
 Src/jobs.c   | 7 +++++++
 configure.ac | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/Src/jobs.c b/Src/jobs.c
index bd95afb..2db5a31 100644
--- a/Src/jobs.c
+++ b/Src/jobs.c
@@ -1972,6 +1972,13 @@ bin_fg(char *name, char **argv, Options ops, int func)
 	memcpy(hackzero, *argv, len);
 	memset(hackzero + len, 0, hackspace - len);
 #endif
+
+#ifdef HAVE_PRCTL
+	/* try to change /proc/$$/comm which will *
+	 * be used when checking with "ps -e"  */
+#include <sys/prctl.h>
+	prctl(PR_SET_NAME, *argv);
+#endif
 	unqueue_signals();
 	return 0;
     }
diff --git a/configure.ac b/configure.ac
index 306a005..8e5e2c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2083,6 +2083,12 @@ AH_TEMPLATE([HAVE_SETPROCTITLE],
 AC_CHECK_FUNC(setproctitle,AC_DEFINE(HAVE_SETPROCTITLE),
 AC_SEARCH_LIBS(setproctitle,util,AC_DEFINE(HAVE_SETPROCTITLE)))
 
+dnl CHECK FOR prctl() FOR jobs -Z / ARGV0 when checking with ps -e
+AH_TEMPLATE([HAVE_PRCTL],
+[Define to 1 if the system supports `prctl' to change process name])
+AC_CHECK_FUNC(prctl,AC_DEFINE(HAVE_PRCTL),
+AC_SEARCH_LIBS(prctl,c,AC_DEFINE(HAVE_PRCTL)))
+
 dnl -------------
 dnl CHECK FOR NIS
 dnl -------------
-- 
1.9.3