user invisibility (Cloaking)
Seth H Zirin
seth at megad.UUCP
Wed Oct 9 00:54:24 AEST 1985
> > I have heard a rumor that it is possible for a user on 4.2bsd to go
> > invisible to other users.
> > Also, if it is true, could someone explain to me how it is done.
> I have made myself invisible to other users while I was logged in by
> writing a program that reads utmp, finds my entry, nulls it out, and
> then writes back the new utmp. This effectively eliminates you from
> `who',`finger',and `w'. However, this does not eliminate you from `ps'.
> `ps' looks in kmem and eliminating yourself from kmem (process tables)
> looks pretty sticky. Obviously, you need super-user privileges to cloak
> yourself. Also, some unknowing user who logs in during the split second
> you modify utmp might find themselves cloaked.
I must be missing something, but, WHY would anyone want to "cloak" themselves
for any legitimate purpose? Eliminating one's entries in the process table
would have a detrimental impact on the system in general, and on that user's
continued execution in particular. When I was a student, my favorite hack
was to get into supervisor mode and disable interrupts.
--
-------------------------------------------------------------------------------
Name: Seth H Zirin
UUCP: {decvax, ihnp4}!philabs!sbcs!megad!seth
Keeper of the News for megad
More information about the Comp.unix.wizards
mailing list