Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site megad.UUCP
Path: utzoo!linus!philabs!sbcs!megad!seth
From: seth@megad.UUCP (Seth H Zirin)
Newsgroups: net.unix-wizards
Subject: RE: user invisibility (Cloaking)
Message-ID: <203@megad.UUCP>
Date: Tue, 8-Oct-85 10:54:24 EDT
Article-I.D.: megad.203
Posted: Tue Oct  8 10:54:24 1985
Date-Received: Fri, 18-Oct-85 21:03:54 EDT
References: <543@lasspvax.UUCP>
Organization: The Bohemian Pleasure Dome
Lines: 23

> > I have heard a rumor that it is possible for a user on 4.2bsd to go
> > invisible to other users. 
> > Also, if it is true, could someone explain to me how it is done.
>   I have made myself invisible to other users while I was logged in by
> writing a program that reads utmp, finds my entry, nulls it out, and
> then writes back the new utmp.  This effectively eliminates you from
> `who',`finger',and `w'.  However, this does not eliminate you from `ps'.
> `ps' looks in kmem and eliminating yourself from kmem (process tables)
> looks pretty sticky.  Obviously, you need super-user privileges to cloak
> yourself.  Also, some unknowing user who logs in during the split second
> you modify utmp might find themselves cloaked.

I must be missing something, but, WHY would anyone want to "cloak" themselves
for any legitimate purpose?  Eliminating one's entries in the process table
would have a detrimental impact on the system in general, and on that user's
continued execution in particular.  When I was a student, my favorite hack
was to get into supervisor mode and disable interrupts.
-- 
-------------------------------------------------------------------------------
Name:	Seth H Zirin
UUCP:	{decvax, ihnp4}!philabs!sbcs!megad!seth

Keeper of the News for megad