Process hiding in linux

• Next message: Marecandja: "PROBLEM: pipes problem - process ends to early"
• Previous message: Andrea Arcangeli: "Re: new IRQ scalability changes in 2.3.48"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

/proc/pid allows strange tricks (2.3.49):

pavel@bug:~/misc$ while1 &
[1] 1349
pavel@bug:~/misc$ delayed_cat /proc/1349/status

[2]+ Stopped delayed_cat /proc/1349/status
pavel@bug:~/misc$ ./phide

[spawns 32450 processes and lets them exit]

pavel@bug:~/misc$ kill -9 1349
pavel@bug:~/misc$ ps aux | grep grep
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1337 0.0 0.5 844 336 tty1 S 22:29 0:00 grep
grep
[1]- Killed while1

[repeating so we are near wrapparound]

pavel@bug:~/misc$ ps aux | grep grep
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1347 0.0 0.5 844 336 tty1 S 22:30 0:00 grep
grep
pavel@bug:~/misc$ while1 & while1 & while1 & while1 & while1 &
[3] 1348
[4] 1349
[5] 1351
[6] 1352
[7] 1353
pavel@bug:~/misc$ kill 1348 1351 1352 1353

*Then* on the other console:

So what we have is process 1350 *hiding* process 1349. (Process apears
on listings, but it is marked as zombie, while it is running in the
background.)

pavel@bug:~$ ps aux | grep 1349
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1350 0.0 0.3 724 224 tty1 T 22:28 0:00 delayed_cat /proc/1349/status
pavel 1349 12.1 0.0 0 0 tty1 Z 22:28 0:34 [while1 <defunct>]
pavel 1361 0.0 0.5 844 332 tty2 S 22:33 0:00 grep
1349
pavel@bug:~$ kill -9 1350
pavel@bug:~$ ps aux | grep 1349
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.
pavel 1349 88.2 0.3 720 216 tty1 R 22:30 2:46 while1
pavel 1363 0.0 0.5 844 332 tty2 S 22:33 0:00 grep
1349
pavel@bug:~$

                                                                Pavel

PS: It was Pavel Kankovsky who told me something like this might be
possible. I believe this is security problem.

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discuss@linmodems.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Marecandja: "PROBLEM: pipes problem - process ends to early"
• Previous message: Andrea Arcangeli: "Re: new IRQ scalability changes in 2.3.48"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:26 EST