I need to hide a running process, a program which I have written so that the end users cannot remove it.
I read that LIDS does this. But it will be a tedious task if I have to patch the kernel of all the boxes.
Would it be possible to write a kernel module which hides the process, and in turn hides itself as well?
Has anyone done this before?
Thanks in advance.
Soeren wrote:
On Tue, 14 Jan 2003 11:58:53 -0800 (PST)
S P <sage_newbie@yahoo.com> wrote:
Hi,
I am writing a software program which when installed, inserts a kernel
module. However the user should not be able to see the module (using
lsmod) or remove it, even if he has root privileges. Only the uninstall
program should be able to remove it. Is there any way this can be done?
I thought of modifying the sys_create_module system call.
Thanks for the help,
-SP
You should take a look at:
http://packetstorm.decepticons.org/docs/hack/LKM_HACKING.html#II.9.
- maybe it'll help you.
Soeren
-- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/