[net.unix-wizards] users going invisible

radzy@calma.uucp (Tim Radzykewycz) (09/16/85)

  > From: notch@srcsip.UUCP (Michael k Notch)
  > Subject: invisibility.

  > I have heard a rumor that it is possible for a user on 4.2bsd to go
  > invisible to other users. 
  > Has anyone else heard this rumor and can possibly confirm it?
  > Also, if it is true, could someone explain to me how it is done.
  > Thanks. I will take this in the strictest confidence.

It is possible for a user on 4.2 to "go invisible".  4.2
keeps login accounting records in a file in one of the
administration directories (I won't say where, mostly because
I don't remember offhand).  It's possible for this to happen
if a system manager cleans out the accounting file when
people are logged in:  the ones who were logged in before the
file gets cleaned up become "invisible" to anyone who does
who(1), w(1), and anything else which tells if they're on.

I presume it would be possible for someone with superuser
privs to write a "logout" record to the file and become
invisible, but I haven't ever seen that happen and don't
see why it would be desirable (other than for those "hackers"
[read: "creeps" :-}] who want to do it "just 'cuz it's possible").

By the way, this doesn't mung any process accounting other
than connect time -- for those of you who keep track of
such things.
-- 
Tim (radzy) Radzykewycz
	calma!radzy@ucbvax.ARPA
	ucbvax!calma!radzy

sean@ukma.UUCP (Sean Casey) (09/18/85)

You might clear out the login accounting file, but you can't destroy the
process tables in the kernel, so you won't fool ps or sps. (Actually you
can destroy the process tables if you want your file system checked :-) ).


-- 

-  Sean Casey                           UUCP:   sean@ukma.UUCP   or
-  Department of Mathematics                    {cbosgd,anlams,hasmed}!ukma!sean
-  University of Kentucky               ARPA:   ukma!sean@ANL-MCS.ARPA
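
The point made in the two posts above, turned into a consistency check (an added example, not code from either poster): list terminals that have running processes but no live login record. The record layout (8-byte line, 8-byte name, 16-byte host, 32-bit time), the sample records, the ps-style text and all function names are assumptions constructed for illustration, and both inputs are assumed to spell tty names the same way.

```python
import struct

# Assumed login-record layout (not given in the thread): tty line, user
# name, remote host, little-endian 32-bit login time.
RECORD = struct.Struct("<8s8s16sl")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def logged_in_lines(blob):
    """Return {tty: user} for records that describe a live login."""
    sessions = {}
    usable = len(blob) - len(blob) % RECORD.size  # ignore a truncated tail
    for off in range(0, usable, RECORD.size):
        line, name, _host, _when = RECORD.unpack_from(blob, off)
        line, name = _text(line), _text(name)
        if line and name:  # empty name: cleared slot or logout record
            sessions[line] = name
    return sessions

def ttys_with_processes(ps_text):
    """Return {tty: [pids]} from 'PID TT ...' style process listing."""
    ttys = {}
    for row in ps_text.strip().splitlines()[1:]:  # skip the header row
        fields = row.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        if fields[1] != "?":  # '?' means no controlling terminal
            ttys.setdefault(fields[1], []).append(int(fields[0]))
    return ttys

def unaccounted_ttys(blob, ps_text):
    """Terminals with processes but no live login record."""
    known = logged_in_lines(blob)
    return {tt: pids for tt, pids in ttys_with_processes(ps_text).items()
            if tt not in known}

# Constructed sample data: ttyp1 has a cleared record but live processes.
SAMPLE_RECORDS = b"".join(RECORD.pack(*r) for r in [
    (b"console", b"root", b"", 495000000),
    (b"ttyp0", b"alice", b"hostA", 495000600),
    (b"ttyp1", b"", b"", 0),
])
SAMPLE_PS = """  PID TT       STAT  TIME COMMAND
  101 console  S     0:01 -csh
  212 ttyp0    S     0:03 -csh
  305 ttyp1    S     0:00 -csh
  306 ttyp1    R     0:00 vi notes
   45 ?        S     0:10 cron
"""
```

A non-empty result is a lead to investigate rather than proof of tampering, since, as the first reply notes, an administrator cleaning out the file while people are logged in produces the same mismatch.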