Re: help a novelist sound credible?
From: Shane (shane_at_weasel.is-a-geek.net)
Date: 05/04/05
- Next message: bi-weekly: "A new reader? Welcome to alt.os.linux, read this first if you're new here (FAQ)"
- Previous message: justMe: "Re: help a novelist sound credible?"
- In reply to: David Heddle: "help a novelist sound credible?"
- Next in thread: Peter T. Breuer: "Re: help a novelist sound credible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 04 May 2005 11:03:41 +1200
On Tue, 03 May 2005 12:35:04 -0400, David Heddle wrote:
> Hello,
>
> I am writing a novel, a sort of techno thriller. So I am a writer, not a
> hacker, although I am fairly computer savvy.
>
> If you want to verify that I am a writer, not a hacker, see the page for my
> latest book at http://heddle.typepad.com/here_eyeball_this/ and match the
> name and email to what is in this message.
>
> What I am looking for is a credible way that someone could have hidden
> something in Linux (or any OS) so that a process with a "magic" name could
> run undetected.
>
> As I understand it, processes are given an ID and are stored in a hashtable.
> But processes also have names, which I guess is the name of the executable?
> So could a magic name have been (hypothetically) placed in the Linux code
> that allowed a process to run but perhaps avoid being placed in the process
> table?
>
> Maybe that's dumb, probably it is, but I think it is enough to make my
> point. I am looking for credible suggestions, even if they only "sound"
> believable--i.e. you experts would know it wasn't possible, but even
> seasoned application (though non-OS) programmers would say, hmm, that might
> be possible, both of these points:
>
> 1) A way that a process could run completely hidden, even from root,
> preferably based on a hidden magic name
>
> 2) How someone might have hidden that "feature" in the Linux source
> code, and it remained undetected. I thought about a hash of the magic name
> represented in octal and hidden in a C macro somehow?
>
> Also, can a process spawn a clone of itself but with a different name? If
> so, what system function would it call to do so?
>
> Thanks in advance!
>
> David Heddle

How to hide a process inside Linux:
http://www.honeynet.org/

How to get the app installed:
http://www.phrack.org/phrack/61/p61-0x0a_Infecting_Loadable_Kernel_Modules.txt

Credible attack vectors:
http://www.insecure.org/stc/
(in fact all the information I have just posted stems from that article on
insecure.org)

With Linux your line of investigation is more likely to be 'rootkits'
rather than viruses or worms.

HTH
--
Hardware, n.: The parts of a computer system that can be kicked
"Power corrupts. Absolute power is kind of neat"
-- John Lehman, Secretary of the Navy 1981-1987