Forum: Ruby General Solution to spawning a Unix process whose arguments cannot be seen by other processes ...

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Xeno C. (Guest)
on 2008-11-04 02:51
(Received via mailing list)
I know root can get into anything and hack out this information, but
given the
presumption that nobody could get root on my system:

1.  How would I generally spawn processes to the shell whose arguments
would not
be easily visible to others on the server (I am already going https over
the
net, so that is at least minimally covered)...?
2.  Is the subversion gem a good way to do this specifically for
subversion?
3.  Is there some other paradigm or perspective which would perhaps lead
me to a
better way all around of doing what I seem to want, which is to make a
rhtml GUI
that allows password access to certain secure commands?

Note among other things that I am doing load-each-time CGI with
everything, no
mod_ruby, so there's nothing going to lie around in memory forever, and
at the
same time $Save=0 is not an option.  Also, this is an internal project,
so it is
NOT first-tier security from direct public access.

xc
Ara H. (Guest)
on 2008-11-04 08:01
(Received via mailing list)
On Nov 3, 2008, at 5:49 PM, Xeno C. wrote:

> lead me to a better way all around of doing what I seem to want,
>
> --
> Those unfortunate enough to lean more to contrary than truth,
> as they age, find themselves struggling gleefully in a deluded cloud,
> only to waken too late mutilated in an iron maiden of their own
> reality.
>


send the commands on stdin to the program.

IO.popen 'cmd', 'r+' do |pipe|
   pipe.write commands
end

you can't with all programs but if you are in control of them you sure
can.


a @ http://codeforpeople.com/
Heesob P. (Guest)
on 2008-11-04 08:45
(Received via mailing list)
2008/11/4 Xeno C. <removed_email_address@domain.invalid>:
> I know root can get into anything and hack out this information, but given
> the presumption that nobody could get root on my system:
>
> 1.      How would I generally spawn processes to the shell whose arguments
> would not be easily visible to others on the server (I am already going
> https over the net, so that is at least minimally covered)...?
On Linux, you can hide command line argument by setting $0 to
something else in the
spawned process.

Regards,
Park H.
This topic is locked and can not be replied to.