Bugtraq mailing list archives
Re: Process hiding in linux
From: peterw () USA NET (Peter W)
Date: Fri, 17 Mar 2000 13:33:47 -0500
At 11:44pm Mar 15, 2000, Pavel Machek wrote:
/proc/pid allows strange tricks (2.3.49):
pavel@bug:~/misc$ ps aux | grep grep Warning: /boot/System.map has an incorrect kernel version. Warning: /usr/src/linux/System.map has an incorrect kernel version.
... interesting bits about /proc/$PID/status interface and how having an open filehandle to a defunct proc's status can hide info from ps ... 1) The 2.3.x series [like all N.M.x kernels where ((M % 2) == 1)] are development kernels, not for production use. 2) The 2.3.x development tree is up to 2.3.99-pre1, according to http://www.kernel.org/ (Granted, 2.3.49 was only superceded nine days ago, and 2.3.99-pre1 appears to really be 2.3.52, but that just goes to illustrate that this is a developers' alpha release.) In other words, check it on the current code (and what's up with having the wrong System.map installed?) and post to the linux kernel-dev mailing list if the dev kernel seems to have a bug. If they ignore you and seem happy to release what you believe to be a product with a security flaw, let the world know. -Peter http://www.bastille-linux.org/ : working towards more secure Linux systems
Current thread:
- IE and Outlook 5.x allow executing arbitrary programs using .eml files Georgi Guninski (Mar 14)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles Sylwester Zarębski (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files David LeBlanc (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files Georgi Guninski (Mar 17)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files Ryan Russell (Mar 15)
- [TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1 Katie Moussouris (Mar 15)
- Process hiding in linux Pavel Machek (Mar 15)
- Re: Process hiding in linux Peter W (Mar 17)
- PIX DMZ Denial of Service - TCP Resets Andrew Alston (Mar 20)
- vqserver /........../ Johan Nilsson (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Darren Reed (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Guido van Rooij (Mar 27)
- Re: Process hiding in linux Peter W (Mar 17)
- Re: Process hiding in linux Pavel Machek (Mar 20)
- Security Bulletins Digest Aleph One (Mar 20)
- Hide Drives does not work with OUTLOOK 98. jhw1970 () HOTMAIL COM (Mar 22)
- Re: Process hiding in linux egmont () FAZEKAS HU (Mar 22)