From: Muli Ben-Yehuda (mulix_at_nonexisting.hamakor.org.il)
Date: Tue 31 Aug 2004 - 16:52:14 IDT
On Tue, Aug 31, 2004 at 04:33:40PM +0300, amos_at_amos.mailshell.com wrote:
> Muli - could you give a little more background on what are you trying to
> achieve?
Make a process which is running with root capabilities appear in a
standard ps output as though it belongs to user 'foo'. I can't change
ps; I can't change the kernel. I can only use the standard POSIX
APIs. I do have root on the system.
FWIW, I thought about it for a couple of days before tossing it to the
list, and I don't think it can be one. I'll be happy to be proven
wrong ;-)
> In general - it sounds like what you are asking for is something
> that some rootkits do to conceal their tracks - have you tried
> there?
Not yet, although it's on my "to investigate" list. It's a long shot,
most root kits I'm familiar with hide their processes completely,
rather than make them appear to belong to a different user.
Cheers,
Muli
-- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Tue 31 Aug 2004 - 17:04:14 IDT