I have done a little bit of digging, and it looks like top reads its data from the /proc filesystem.

In my small explorations I notice that I own files in /proc (looks like each PID I own has its own subdirectory). However they are all read-only, and I am prevented from chmod-ing them.

I think I remember being able to change the output in top or a similar command, but it has been over 10 years, and it may have been some loophole.

Sorry if this thread belongs in Security.

BTW the particular flavor is RedHat.

Wouldn't it make more sense to start it with a particular name ???.
Also "man top" will give you insight into many ways to vary its usage.

/proc is a psuedo file-system - it's a means of exposing (some) kernel data. It's not a physical filesystem in the normal sense, and you don't "own" any of it.
I don't think the kernel devs would look kindly on a request to allow users to do things such as chmod against /proc structures ...

Yeah I read man top, and man ps, how else would I know that /proc is where top gets its information?

How would I "start" it under a particular name? Is it possible to execute any program under a different name? What if the program has its own way of calling another sub-program, and that's the task name you wanted to change (the task that tends to be at the top of top)?

I'd be surprised but curious to know if you were able to do this. ps is one of the tools for identifying when someone is trying to do something stealthy which is why it often gets replaced by rootkits.

There's an article at cert.org that talks about using ps to identify masked command lines.

In a similar vein, on some OS's, some versions of perl can get ps to report a different value by changing $0 (http://perldoc.perl.org/perlvar.html).

I haven't gotten any closer than you.

I indeed try the modifying the value of $0 trick in Perl and it did not work. In my O'Reilly Programming Perl it basically says it doesn't always work.

Also, that cert article was very interesting. You could just create a symbolic link called whatever the program to be executed is, and rename the executable to anything you want, and you can "trick" the "stronger" side of the ps technique, but using the "weaker" form -ef will reveal the "real" name of the file you are executing. Interesting.

BTW, had to edit out the URLs in your post because board policy says I can't have 'em in my post until I have 5 posts.

Create a symlink to the executable and then run it from the link.

Update: doing the $0 renaming thing in perl DID work.

However the process I wish to rename is something that is spawned by a program the code of which I have no control.

In C, I believe it's also possible to change the program name (variable argv[0] or something like that).
Hence the trick in Perl.
In a shell, there's also a variable called $0 that contains the program name (ie name of your script).
Try setting it's value.

As already said, the system info in /proc is used by several programs, like ps, to display what's going on internally in your system/kernel. You shouldn't mess with that information directly.