Re: Shadow Shell?
This is a discussion on Re: Shadow Shell? within the Linux Security forums, part of the System Security and Security Related category; Dnia Wed, 18 Jun 2003 15:59:17 GMT, Kenneth A Kauffman napisał(a): > What happens is that each ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-24-2003
|
|||
|
|||
Re: Shadow Shell?
Dnia Wed, 18 Jun 2003 15:59:17 GMT, Kenneth A Kauffman napisał(a):
> What happens is that each script will execute the binary and remove your > username from the output via grep -v. ....but it's easy to detect. Here's a simple patch for procps-3.1.9 package (well, to be exact for libproc library): <http://underground.org.pl/gminick/patches/procps-hide.patch> ....and now you're invisible for w, ps, top and all the stuff using (in case of default installation) /lib/libproc.so.3.1.9 It won't work for 'who' because 'who' is only reading from utmp file. It's really easy to patch who, but if you are not able to do it yourself - simply - remove who from your system ;] HTH. ;> -- [ Wojtek Walczak - gminick (at) underground.org.pl ] [ <http://gminick.linuxsecurity.pl/> ] [ "...rozmaite zwroty, matowe od patyny dawnosci." ] 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 03:18 PM.
