From: amos_at_nonexisting.hamakor.org.il
Date: Tue 31 Aug 2004 - 16:33:40 IDT
Muli Ben-Yehuda wrote:
>On Tue, Aug 31, 2004 at 03:48:53PM +0300, Anatoly Vorobey wrote:
>
>
>>Depending on whom you wish to deceive (human or another program) and how
>>clever they are, you may want to try something as simple as
>>(oh-dear-God-I-don't-believe-I'm-gonna-say-it) naming uid 0 something
>>other than 'root' on that system.
>>
>>
>
>No go, I'm afraid. Naming uid 0 something else breaks everything that
>expects uid 0 to be named root. Also, simply adding another user named
>'foo' and giving him uid 0 breaks, because the standard tools show the
>first name in /etc/passwd that has a given uid. Depending on which one
>I put first, root or foo, all uid 0 processes will appear to belong to
>one of them.
>
>
Muli - could you give a little more background on what are you trying to
achieve?
In general - it sounds like what you are asking for is something that
some rootkits do to conceal
their tracks - have you tried there?
Cheers,
--Amos
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Tue 31 Aug 2004 - 16:43:27 IDT