[NTLUG:Discuss] -:0
Chris Cox
cjcox at acm.org
Mon Apr 25 11:09:37 CDT 2005
phrostie wrote:
>>A process can change the name that it is known by.
>>It's a weak security feature.
>>
>>Not a problem.... unless the somewhat stealthy process really
>>isn't supposed to be there!
>
>
> so how do i know the difference?
>
You'd explore /proc/<pidnumber> to get more info.
(assumes that a root kit hasn't done a real
number on you!)
I guess the answer is that if a machine
has been compromised ... it could be
VERY difficult.
Most root-kits aren't terribly smart though
(feel free to suggest ones that are).
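
An added example, not part of the original post: one way to do the /proc/<pidnumber> check described above is to compare the name a process shows in its argv with the kernel-maintained `exe` link. The function name `check_pid` and its verdict strings are assumptions of this sketch, and, as the post says, none of it can be trusted if a root kit has tampered with the kernel or with /proc itself.

```shell
#!/bin/sh
# Added sketch: check_pid and its verdict strings are hypothetical names.
# Usage: check_pid PID [PROCROOT]      (PROCROOT defaults to /proc)
# Sweep: for p in /proc/[0-9]*; do check_pid "${p##*/}"; done
check_pid() {
    pid=$1
    root=${2:-/proc}
    dir="$root/$pid"
    [ -d "$dir" ] || { echo "gone"; return 2; }

    # exe is a kernel-maintained symlink to the file that was executed;
    # rewriting argv or the process name does not change it.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    # cmdline is the NUL-separated argv, which the process can overwrite.
    argv0=$(tr '\0' '\n' 2>/dev/null < "$dir/cmdline" | head -n 1)

    # Kernel threads have no exe link; other users' processes need root.
    if [ -z "$exe" ]; then
        echo "no-exe"; return 0
    fi

    # A running binary whose file was unlinked shows a " (deleted)" suffix.
    # Package upgrades cause this too, so treat it as a lead, not a verdict.
    case $exe in
        *" (deleted)") echo "deleted-exe $exe"; return 1 ;;
    esac

    # Normalise the claimed name: drop a login-shell dash, a title such
    # as "sshd: user@pts/0", and any leading directory.
    claimed=${argv0#-}
    claimed=${claimed%%[: ]*}
    claimed=${claimed##*/}
    actual=${exe##*/}

    if [ "$claimed" = "$actual" ]; then
        echo "ok $actual"; return 0
    fi
    # Wrappers and paths containing spaces can land here legitimately.
    echo "mismatch argv0=$argv0 exe=$exe"; return 1
}
```

A mismatch or deleted-exe result is a reason to look further at that PID (open files, working directory, parent), not a finding on its own.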