On Tue, Aug 31, 2004 at 04:33:40PM +0300, [EMAIL PROTECTED] wrote: > Muli - could you give a little more background on what are you trying to > achieve?
Make a process which is running with root capabilities appear in a standard ps output as though it belongs to user 'foo'. I can't change ps; I can't change the kernel. I can only use the standard POSIX APIs. I do have root on the system. FWIW, I thought about it for a couple of days before tossing it to the list, and I don't think it can be one. I'll be happy to be proven wrong ;-) > In general - it sounds like what you are asking for is something > that some rootkits do to conceal their tracks - have you tried > there? Not yet, although it's on my "to investigate" list. It's a long shot, most root kits I'm familiar with hide their processes completely, rather than make them appear to belong to a different user. Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/
signature.asc
Description: Digital signature
