user invisibility (Cloaking)
maurice at nmtvax.UUCP
maurice at nmtvax.UUCP
Mon Oct 14 07:46:55 AEST 1985
>> How to cloak oneself depends on your goal. If you merely want
>> anonymity, login as root. If you wish to be invisible, try naming
>> your shell "getty".
To truly vanish will require lots of work with other things too.
Of course the most noticible is /etc/utmp, and then there is fixing
ps not to show you, but there are several other things too. First there
is /usr/adm/wtmp. Unless that is fixed too, running the last(1) program
will show a user as still being logged in. Some places have the 'top'
program that was distributed over the net a while back (another ps like
program) that will need to be fixed as well. Then there is the lastlog
of when users last logged in. That can be watched for changes. Another
is watching the character device for access and modify time changes.
Active terminals can be noted, as well as their owners. Granted that
for most of these fixes, one needs be root as that the files are (or at
least should be) protected from general write access, and kmem without
general read access. These seem to be most of what I can think of,
perhaps there are more subtil ways, I can think of one already, but
to say it in general, you can run, but you can't hide. Perhaps from
99% of the users you can, but someone will still be able to see that
you are there from one thing or another.
Roger Levasseur
New Mexico Tech
More information about the Comp.unix.wizards
mailing list