brian@dekalb.UUCP (Brian "I don't need a life" Charlton) (03/11/89)
How do I hide what I'm doing, specifically, when someone invokes a
w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.

Brian -OUL (Oppressed Unix Lowlife)
--
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| EMAIL : brian@dekalb or | " Yet another victim of |
| gatech!dekalb!brian | society " |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
spolsky-joel@CS.YALE.EDU (Joel Spolsky) (03/11/89)
In article <275@dekalb.UUCP> brian@dekalb.UUCP (Brian "I don't need a life" Charlton) writes:
>
> How do I hide what I'm doing, specifically, when someone invokes a
>w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.
>

Well.... your processes would have to change their names in the process
table, which is possible, but you probably don't want to rewrite all the
programs you use.

Try invoking a shell inside of emacs. That's not entirely effective but
more often than not "w" will show you as running emacs.

+----------------+----------------------------------------------------------+
| Joel Spolsky | bitnet: spolsky@yalecs.bitnet uucp: ...!yale!spolsky |
| | internet: spolsky@cs.yale.edu voicenet: 203-436-1483 |
+----------------+----------------------------------------------------------+
#include <disclaimer.h>
barnett@crdgw1.crd.ge.com (Bruce Barnett) (03/13/89)
> How do I hide what I'm doing, specifically, when someone invokes a
>w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.

You must be a wizard before you can use the spell of invisibility. :-)

--
Bruce G. Barnett barnett@ge-crd.ARPA, barnett@steinmetz.ge.com
uunet!steinmetz!barnett
drears@PICA.ARMY.MIL (Dennis G. Rears (FSAC)) (03/14/89)
Brian "I don't need a life" Charlton <brian@dekalb.uucp> writes:
>
> How do I hide what I'm doing, specifically, when someone invokes a
>w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.
>

My favourite way is to "rsh hostname /bin/csh". I then source .login.
By doing it this way I don't appear in utmp or wtmp, hence
w, who, finger, lastcom can't catch me. Ps and top can catch me,
however. Then I use the command "ch realcmd arguments" to run any
program. Ch basically puts spaces into argv[0]. This will hide it
from ps and top.

Dennis
--------------------------------------------------------------------------
Dennis G. Rears
ARPA: drears@ac4.pica.army.mil UUCP: ...!uunet!ac4.pica.army.mil!drears
AT&T: 201-724-6639 USPS: Box 210, Wharton, NJ 07885
Work: SMCAR-FSS-E, Bldg 94, Picatinny Ars, NJ 07806
--------------------------------------------------------------------------
schuetz@iraul1.ira.uka.de (Elmar Schuetz) (03/17/89)
In article <18676@adm.BRL.MIL> drears@PICA.ARMY.MIL (Dennis G. Rears (FSAC)) writes:
>[The original poster - I lost the name] wrote:
>> How do I hide what I'm doing, specifically, when someone invokes a
>>w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.
> My favourite way is to "rsh hostname /bin/csh".

You need 'csh -i'. But it's not very funny to work if you have no tty accessed
and therefore NO job control in the shell.

>w, who, finger, lastcom can't catch me.

lastcomm DOES catch you!

> Ps, and top can catch me
>however. Then I use the command "ch realcmd arguments" to run any
>program. Ch basically puts spaces into argv[0]. This will hide it
>from ps and top.

I don't know the command 'top', maybe that's what we call 'lastcomm' which
shows the last commands which had been executed. But, if you use 'top' the way
we use 'lastcomm', what does your 'lastcom' with one 'm' at the end do?

Anyway, 'ps -auxww' will show the arguments you use. Note the two 'w's.
(Under 4.x bsd and Ultrix 3.0)

My question to the original poster: Why do you want to hide your commands?
Are you going to crack the system...?

Cheers, Elmar
--
csnet, internet, ean, dfn: schuetz@ira.uka.de | bitnet: schuetz@dkauni0i.bitnet
--
I met a man who lost his mind in some lost place I had to find;
"Follow me," the wise man said but he walked behind.
-- Leonard Cohen "Teachers"
nate@hobbes.intel.com (Nate Hess) (03/18/89)
In article <18676@adm.BRL.MIL>, drears@PICA (Dennis G. Rears (FSAC)) writes:
> My favourite way is to "rsh hostname /bin/csh".

I do the same thing, except I execute /usr/local/bin/emacs. I can then
run a terminal emulator inside Emacs and have an editor as well as a
tcsh, all from one connection. I don't show up in utmp, of course.

--woodstock
--
"What I like is when you're looking and thinking and looking
and thinking...and suddenly you wake up." - Hobbes
woodstock@hobbes.intel.com ...!{decwrl|hplabs!oliveb}!intelca!mipos3!nate
drears@PICA.ARMY.MIL (Dennis G. Rears (FSAC)) (03/21/89)
Elmar writes:
>In article <18676@adm.BRL.MIL> drears@PICA.ARMY.MIL (Dennis G. Rears (FSAC)) writes:
>>[The original poster - I lost the name] wrote:
>>> How do I hide what I'm doing, specifically, when someone invokes a
>>>w, who, top, finger, ps, lastcom, etc..., it doesn't show what I'm doing.
>> My favourite way is to "rsh hostname /bin/csh".
>
>You need 'csh -i'. But it's not very funny to work if you have no tty accessed
>and therefore NO job control in the shell.

You do not *need* csh -i; on my Ultrix system I just use /bin/csh.

>
>>w, who, finger, lastcom can't catch me.
>
>lastcomm DOES catch you!

I don't know. We have all accounting disabled on our system.

>
>> Ps, and top can catch me
>>however. Then I use the command "ch realcmd arguments" to run any
>>program. Ch basically puts spaces into argv[0]. This will hide it
>>from ps and top.
>
>I don't know the command 'top', maybe that's what we call 'lastcomm' which
>shows the last commands which had been executed. But, if you use 'top' the way
>we use 'lastcomm', what does your 'lastcom' with one 'm' at the end do?
>
>Anyway, 'ps -auxww' will show the arguments you use. Note the two 'w's.
>(Under 4.x bsd and Ultrix 3.0)

This is easily defeated. Have the first argument be nothing but 90
spaces inside quotation marks. My response was meant as a way to hide
what you are doing from a casual user, not a system admin. If you really
want to hide stuff, write a program that does:

  o Find the location of the file.
  o If not suid or guid copy it with name of " ".
  o fork a child; put it to sleep, wake it up 2 seconds later, have it
    unlink(" "); exit
  o parent execs file " "
  o if the file is suid, check to see if you have write permission on
    any directory in the filesystem (i.e. /usr/tmp) then make a hard
    link to it, then continue with the fork.

Dennis
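
Added example, not part of the original thread: a Python audit that flags the process-hiding tricks discussed in the posts above (blank argv[0], space-padded arguments, a blank-named or unlinked executable, a shell with no utmp record). The record fields, thresholds, reason labels and sample data are assumptions constructed for illustration; on Linux the fields could be filled from /proc/<pid>/cmdline, /proc/<pid>/exe and the utmp file.

```python
import os

SHELLS = {"sh", "csh", "tcsh", "ksh", "bash"}  # assumption: shells to watch
PAD_RUN = 20             # assumption: whitespace run long enough to look deliberate
DELETED = " (deleted)"   # suffix Linux appends to /proc/<pid>/exe after unlink


def audit(processes, utmp_users):
    """Map pid -> list of reasons for processes matching the tricks in the thread."""
    findings = {}
    for p in processes:
        reasons = []
        argv, exe = p["argv"], p["exe"]
        # argv[0] overwritten with spaces: ps and top print an empty name.
        # An empty argv (e.g. kernel threads) is skipped, not flagged.
        if argv and argv[0].strip() == "":
            reasons.append("blank-argv0")
        # A long run of spaces pushes the real arguments out of ps's view.
        if any(" " * PAD_RUN in a for a in argv):
            reasons.append("padded-args")
        # Binary unlinked after exec: the image has no directory entry left.
        if exe.endswith(DELETED):
            reasons.append("deleted-exe")
            exe = exe[: -len(DELETED)]
        name = os.path.basename(exe)
        # Executable copied or linked under a whitespace-only file name.
        if name.strip() == "":
            reasons.append("blank-exe-name")
        # Shell running for a user with no login record (e.g. started via rsh),
        # judged by the executable because argv[0] can be rewritten.
        if name in SHELLS and p["user"] not in utmp_users:
            reasons.append("shell-without-utmp")
        if reasons:
            findings[p["pid"]] = reasons
    return findings


# Constructed sample data (not taken from the thread).
SAMPLE_UTMP = {"alice"}
SAMPLE_PROCS = [
    {"user": "alice", "pid": 101, "argv": ["-csh"], "exe": "/bin/csh"},
    {"user": "bob", "pid": 202, "argv": ["/bin/csh"], "exe": "/bin/csh"},
    {"user": "bob", "pid": 203, "argv": ["   ", "-f", "notes"], "exe": "/usr/bin/vi"},
    {"user": "bob", "pid": 204, "argv": ["cmd", " " * 90, "x"], "exe": "/usr/bin/cmd"},
    {"user": "bob", "pid": 205, "argv": [" "], "exe": "/usr/tmp/ " + DELETED},
]

if __name__ == "__main__":
    for pid, why in audit(SAMPLE_PROCS, SAMPLE_UTMP).items():
        print(pid, ", ".join(why))
```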