LinuxQuestions.org

Eilya 08-26-2008 06:03 AM

Kernel Scripting-Hide a process
 
Hi friends,

I want (a C++ code) to hide a process in kernel 2.6, I don't want monitoring even in /proc.
Please help me.

Regards,
Eilya

ledow 08-26-2008 06:12 AM

I doubt you'll find any help at all, because there are very, very few legitimate uses of such a facility and it's against forum rules to ask about the "illegitimate" uses.

Plus, it's probably almost impossible without being root and/or editing the kernel source code itself.

syg00 08-26-2008 06:44 AM

Only two posts - both the same. Registered just to ask this question ...
Reported.

roseman 08-26-2008 07:19 AM

I think hiding a process in Linux is not easy. But you can "hide" it using threads. You can write a program that calls the true expected program through threads. Because a thread's name is the same as its parent process's, you can "hide" a process that way. I hope this is useful.

Eilya 08-26-2008 11:32 AM

Syg00, please help; I do apologize for the 2 identical posts.
Thanks, my friends, but it is not against the rules because it is my university project, so it is somehow an academic question. Ledow, I want it under the condition of being root, and so I want to edit the kernel source if it is necessary. Roseman, thanks a lot in return for your good reply; just please explain more for me if it is possible. I ask other friends to help me.
Thanks a lot,
Eilya

unSpawn 08-26-2008 12:02 PM

Quote:

Originally Posted by Eilya (Post 3260043)
I want (a C++ code) to hide a process in kernel 2.6

"Hiding" processes is not a commonly used or regularly deemed legitimate procedure. The only exception would be the kind of "privilege separation" say the GRSecurity kernel patch would give you (as in unprivileged vs privileged user processes).

This thread is closed for moderation purposes (violation of the LQ Rules).
You are invited to use this opportunity to contact me by e-mail and explain in detail.

