On Tue, Jun 15, 2010 at 3:51 PM, venkat raman <[email protected]> wrote: > dear friends, > if i am running a process in rhel5, i dont want the process > should be monitor by top command.Is there any way,pls suggest me..
What is your goal? As far as I know this is not something anybody has attempted. If you can see a process that is running how can you affect its operation? You can do that only by writing to its memory space. One way you can achieve this is by writing to its stack using buffer overflows or by misusing the predictability in malloc or even by hijacking a TCP connection by guessing the sequence number arithmetic. Just by seeing a process running using top or ps does not get you anywhere, does it? So people don't try to hide processes like this. Instead they try to do privilege dropping, revocation, chroot to /var/empty and by running with lower privileges as some other user than root disallow rogue processes to take control. malloc space randomization and canary in stack growth ensures protection against buffer overflow attacks. Read papers by Theo on address space protection. propolice and related technologies are used for guarding against buffer overflows which are a bane of the C programming language... -Girish -- Gayatri Hitech web: http://gayatri-hitech.com SpamCheetah Spam filter: http://spam-cheetah.com _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
