Can a user rename a process so it comes up with a custom name in 'top'?
I have done a little bit of digging, and it looks like top reads its data from the /proc filesystem.
In my small explorations I notice that I own files in /proc (looks like each PID I own has its own subdirectory). However they are all read-only, and I am prevented from chmod-ing them.
I think I remember being able to change the output in top or a similar command, but it has been over 10 years, and it may have been some loophole.
Wouldn't it make more sense to start it with a particular name ???.
Also "man top" will give you insight into many ways to vary its usage.
/proc is a pseudo file-system - it's a means of exposing (some) kernel data. It's not a physical filesystem in the normal sense, and you don't "own" any of it.
I don't think the kernel devs would look kindly on a request to allow users to do things such as chmod against /proc structures ...
Wouldn't it make more sense to start it with a particular name ???.
Also "man top" will give you insight into many ways to vary its usage.
Yeah I read man top, and man ps, how else would I know that /proc is where top gets its information?
How would I "start" it under a particular name? Is it possible to execute any program under a different name? What if the program has its own way of calling another sub-program, and that's the task name you wanted to change (the task that tends to be at the top of top)?
I'd be surprised but curious to know if you were able to do this. ps is one of the tools for identifying when someone is trying to do something stealthy which is why it often gets replaced by rootkits.
There's an article at cert.org that talks about using ps to identify masked command lines.
In a similar vein, on some OS's, some versions of perl can get ps to report a different value by changing $0 (http://perldoc.perl.org/perlvar.html).
I'd be surprised but curious to know if you were able to do this. ps is one of the tools for identifying when someone is trying to do something stealthy which is why it often gets replaced by rootkits.
There's an article at cert.org that talks about using ps to identify masked command lines.
In a similar vein, on some OS's, some versions of perl can get ps to report a different value by changing $
I haven't gotten any closer than you.
I indeed tried the "modifying the value of $0" trick in Perl and it did not work. In my O'Reilly Programming Perl it basically says it doesn't always work.
Also, that cert article was very interesting. You could just create a symbolic link called whatever the program to be executed is, and rename the executable to anything you want, and you can "trick" the "stronger" side of the ps technique, but using the "weaker" form -ef will reveal the "real" name of the file you are executing. Interesting.
BTW, had to edit out the URLs in your post because board policy says I can't have 'em in my post until I have 5 posts.
In C, I believe it's also possible to change the program name (variable argv[0] or something like that).
Hence the trick in Perl.
In a shell, there's also a variable called $0 that contains the program name (i.e. the name of your script).
Try setting its value.
As already said, the system info in /proc is used by several programs, like ps, to display what's going on internally in your system/kernel. You shouldn't mess with that information directly.
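Added example, not from any post in this thread: on Linux the short name lives in /proc/PID/comm and the command line in /proc/PID/cmdline, both of which the process itself can alter, while the /proc/PID/exe link is resolved by the kernel. This Python script compares the three and lists disagreements; the function names and the proc_root parameter are assumptions of the example.

```python
import os

COMM_MAX = 15  # the kernel keeps at most 15 bytes of task name in comm
DELETED = " (deleted)"  # suffix the kernel adds when the binary was unlinked

def process_names(pid, proc_root="/proc"):
    """Return the three names Linux exposes for one PID."""
    base = os.path.join(proc_root, str(pid))
    with open(os.path.join(base, "comm"), "rb") as f:
        comm = f.read().rstrip(b"\n").decode(errors="replace")
    with open(os.path.join(base, "cmdline"), "rb") as f:
        argv0 = f.read().split(b"\0")[0].decode(errors="replace")
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:  # kernel thread, or another user's process
        exe = ""
    return {"comm": comm, "argv0": argv0, "exe": exe}

def findings(names):
    """Compare the process-controlled names against the kernel-resolved exe."""
    out, exe = [], names["exe"]
    if not exe:
        return out  # nothing trustworthy to compare against
    if exe.endswith(DELETED):
        out.append("exe unlinked from disk")
        exe = exe[: -len(DELETED)]
    exe_base = os.path.basename(exe)
    # A login shell shows up as "-bash"; strip that dash before comparing.
    argv0_base = os.path.basename(names["argv0"].lstrip("-"))
    if argv0_base != exe_base:
        out.append(f"argv[0] {names['argv0']!r} != exe {exe_base!r}")
    if names["comm"] != exe_base[:COMM_MAX]:
        out.append(f"comm {names['comm']!r} != exe {exe_base!r}")
    return out

def audit(proc_root="/proc"):
    """Map PID -> findings for every process that has at least one."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            hits = findings(process_names(entry, proc_root))
        except OSError:  # process exited while we were reading it
            continue
        if hits:
            report[int(entry)] = hits
    return report

if __name__ == "__main__":
    for pid, hits in sorted(audit().items()):
        print(pid, "; ".join(hits))
```

Scripts started through an interpreter and multi-call binaries reached via symlinks also produce mismatches, so treat each finding as a lead to check rather than a verdict.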