Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site lasspvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!houxm!vax135!cornell!lasspvax!icc
From: icc@lasspvax.UUCP (Mark Fedor)
Newsgroups: net.unix-wizards
Subject: RE: user invisibility (Cloaking)
Message-ID: <543@lasspvax.UUCP>
Date: Sat, 21-Sep-85 01:38:59 EDT
Article-I.D.: lasspvax.543
Posted: Sat Sep 21 01:38:59 1985
Date-Received: Sun, 22-Sep-85 05:43:07 EDT
Reply-To: icc@lasspvax.UUCP (Mark Fedor)
Organization: Instructional Computing Center, SUNY Oswego, Oswego NY
Lines: 31


> From: notch@srcsip.UUCP (Michael k Notch)
> Subject: invisibility.

> I have heard a rumor that it is possible for a user on 4.2bsd to go
> invisible to other users. 
> Has anyone else heard this rumor and possibly confirm it.
> Also, if it is true, could someone explain to me how it is done.
> Thanks. I will take this in the strictest confidence.

  I have made myself invisible to other users while I was logged in by
writing a program that reads utmp, finds my entry, nulls it out, and
then writes back the new utmp.  This effectively eliminates you from
`who',`finger',and `w'.  However, this does not eliminate you from `ps'.
`ps' looks in kmem and eliminating yourself from kmem (process tables)
looks pretty sticky.  Obviously, you need super-user privileges to cloak
yourself.  Also, some unknowing user who logs in during the split second
you modify utmp might find themselves cloaked.

If anybody has attempted a cloak from `ps', I would like to know the details.
Send details by E-mail.

-- 
=========================================================
USENET:	{decvax,ihnp4,cmcl2,vax135}!cornell!lasspvax!icc
ARPA:	icc%lasspvax@Cornell.arpa
MAIL:	Instructional Computing Center
	11 Snygg Hall, SUNY at Oswego
	Oswego, New York  13126
PHONE:	(315) 341-3055
=========================================================