Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site lasspvax.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!houxm!vax135!cornell!lasspvax!icc From: icc@lasspvax.UUCP (Mark Fedor) Newsgroups: net.unix-wizards Subject: RE: user invisibility (Cloaking) Message-ID: <543@lasspvax.UUCP> Date: Sat, 21-Sep-85 01:38:59 EDT Article-I.D.: lasspvax.543 Posted: Sat Sep 21 01:38:59 1985 Date-Received: Sun, 22-Sep-85 05:43:07 EDT Reply-To: icc@lasspvax.UUCP (Mark Fedor) Organization: Instructional Computing Center, SUNY Oswego, Oswego NY Lines: 31 > From: notch@srcsip.UUCP (Michael k Notch) > Subject: invisibility. > I have heard a rumor that it is possible for a user on 4.2bsd to go > invisible to other users. > Has anyone else heard this rumor and possibly confirm it. > Also, if it is true, could someone explain to me how it is done. > Thanks. I will take this in the strictest confidence. I have made myself invisible to other users while I was logged in by writing a program that reads utmp, finds my entry, nulls it out, and then writes back the new utmp. This effectively eliminates you from `who',`finger',and `w'. However, this does not eliminate you from `ps'. `ps' looks in kmem and eliminating yourself from kmem (process tables) looks pretty sticky. Obviously, you need super-user privileges to cloak yourself. Also, some unknowing user who logs in during the split second you modify utmp might find themselves cloaked. If anybody has attempted a cloak from `ps', I would like to know the details. Send details by E-mail. -- ========================================================= USENET: {decvax,ihnp4,cmcl2,vax135}!cornell!lasspvax!icc ARPA: icc%lasspvax@Cornell.arpa MAIL: Instructional Computing Center 11 Snygg Hall, SUNY at Oswego Oswego, New York 13126 PHONE: (315) 341-3055 ========================================================= Brought to you by Super Global Mega Corp .com