From: Muli Ben-Yehuda (mulix_at_nonexisting.hamakor.org.il)
Date: Tue 31 Aug 2004 - 18:42:35 IDT
On Tue, Aug 31, 2004 at 05:34:15PM +0300, Anatoly Vorobey wrote:
> Can you surreptitiously modify LD_PRELOAD for the user who'll be running
> ps/top (by modifying their startup files or whatever)? If you can, write
> a tiny library that redirects open() to itself and, in
> case a process is trying to open /proc/<your pid>/stat, writes out a
> similar file in a different private location, opens that instead, and
> returns the descriptor to the process. If your library is tiny enough
> and the argument check is the first thing its modified open() does, no
> one will notice the performance penalty.
That could work, but probably not with replacing the file, but rather
with hijacking every open/read/close call, keeping hold of which are
referring to to interesting files, and substituting my own
information. I did this once with ptrace, it's not pleasant, but it
works.
Anyway, thank you everyone for the answers and interesting
discussions. I think we have pretty much established that there's no
easy way to do it.
Cheers,
Muli
-- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Tue 31 Aug 2004 - 18:51:07 IDT