/proc/pid
Description:
Hiding processes on Linux
Details:
/proc/pid can be fooled (2.3.49):
Consider the following shell session:
pavel@bug:~/misc$ while1 &
[1] 1349
pavel@bug:~/misc$ delayed_cat /proc/1349/status
[2]+ Stopped delayed_cat /proc/1349/status
pavel@bug:~/misc$ ./phide
[spawns 32450 processes and lets them exit]
pavel@bug:~/misc$ kill -9 1349
pavel@bug:~/misc$ ps aux | grep grep
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1337 0.0 0.5 844 336 tty1 S 22:29 0:00 grep grep
[1]- Killed while1
[repeating so we are near wraparound]
pavel@bug:~/misc$ ps aux | grep grep
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1347 0.0 0.5 844 336 tty1 S 22:30 0:00 grep grep
pavel@bug:~/misc$ while1 & while1 & while1 & while1 & while1 &