Process hiding from ps?

Alex Buell (alex.buell@tahallah.demon.co.uk)
Sat, 21 Aug 1999 20:09:45 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrea Arcangeli: "Re: VIA chipset hangs???"
Previous message: Alan Cox: "Re: AMD Athlon (K7) / anybody working on detection?"

I have succeeded in getting a program to hide itself from a 'ps -ax'
listing simply by zeroing out the argument table.

--cut--
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
int i;

/* destroy the argument table */
for(i = 0; i < argc; i++)
memset(argv[i], 0, strlen(argv[i]));

while(1); /* hang around, just kill me with ctrl-c */
}
--cut--

I think this is a potential security problem as someone might easily
misuse this to hide a 'malicious' program, and you would not be able to
identify it so easily using ps.

Cheers,
Alex

Legalise cannabis today!

http://www.tahallah.demon.co.uk

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrea Arcangeli: "Re: VIA chipset hangs???"
Previous message: Alan Cox: "Re: AMD Athlon (K7) / anybody working on detection?"