Hello,
just a quick question: if someone were to trojan ps to not show their
processes (ignoring detection by ChkRootkit for the minute, as this is just
a matter of principle), then would it still show in /proc, or is it possible to
create hidden processes which will not show in there as well?
I.e. if I hacked together a very dirty perl script like this, which went
through /proc and read each cmdline, then would that be a TRUE reading of the
current processes?
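perl -e 'opendir(my $dh, "/proc") or die "opendir /proc: $!";  # list /proc
  for my $pid (grep { /^\d+$/ } readdir($dh)) {  # numeric entries are PIDs
    open(my $fh, "<", "/proc/$pid/cmdline") or next;  # process may have exited
    local $/; my $cmd = <$fh> // ""; close($fh);  # slurp the whole file
    $cmd =~ tr/\0/ /; print "$pid $cmd\n";  # arguments are NUL-separated
  } closedir($dh);'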
Thanks in advance,
fragga
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security