RFC: KCmdLineArgs::obfuscateOption()

Adriaan de Groot groot at kde.org
Mon Oct 4 21:32:35 BST 2004

On Monday 04 October 2004 22:04, Jarosław Staniek wrote:
> Adriaan de Groot wrote:
> > On Monday 04 October 2004 21:04, Jarosław Staniek wrote:
> >>     qstrcpy(argv[i+1], (const char*)pwd);
> >
> > Is this portable in any fashion? ISTR that Solaris, for one, still keeps
> > the args around elsewhere for ps(1), so your patch would just give a
> > false sense of security.
> Of course, it's not probable, and kinit/setproctitle.cpp will help as Waldo
> mentioned. From a quick look at newest MySQL server's code, I can say
> they're doing the same simple thing as me.

"It's wrong, it's bogus, and doesn't work anyway, but someone else does it 
too." On both Solaris and FreeBSD, changing argv doesn't work. ps(1) reports 
to _original_ arguments to the process, not the munged versions. The stuff in 
setproctitle doesn't work either -- we're left with gobs of kdeinits and no 
real way to tell them apart. So if you add this particular kind of munging of 
argv[], you are just giving KDE users a false sense of security: on _some_ 
installations of KDE, the option will be obfuscated, and on others, it will 

All in all I really object to this - call it 
perhapsObfuscateOptionIfYouRunTheRightKindOfSystem() if you must, but do not 
let it loose on an unsuspecting public.

Don't worry, 't ain't no shame to be stupid - ol' mouse.
    GPG: FEA2 A3FE Adriaan de Groot

More information about the kde-core-devel mailing list