[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] PS and /proc

Subject: [cobalt-security] PS and /proc
From: "Fragga" <fragga@xxxxxxxxxxxx>
Date: Wed, 2 Oct 2002 08:57:14 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

hello,

just a quick question.. if someone were to trojan ps to not show their
processes ( ignoring detection by ChkRootkit for the minute as this is just
a principle matter) then would it still show in /proc or is it possible to
create hidden processes which will not show in there aswell ?

i.e if i hacked together a very dirty perl script like this which went
through proc and read each cmdline then would that be a TRUE reading of the
current processes ?

perl -e 'opendir(DIR1, "/proc"); while($file = readdir(DIR1)) { open(SOURCE,
"/proc/$file/cmdline"); while (<SOURCE>) { print $_ . "\n"; }}
closedir(DIR1);'

thanks in advance,

fragga

Follow-Ups:
- Re: [cobalt-security] PS and /proc
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] Apache & SSL Update 2.0.1
Next by Date: Re: [cobalt-security] PS and /proc
Previous by thread: Re: [cobalt-security] New SSL Patch -- did anything happen ?[RaQ3]
Next by thread: Re: [cobalt-security] PS and /proc

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index