> Unless there is an
> application (or the system itself) that periodically checks for any
> change in status of a system daemon (like the change of a PID),

Watch out. You can't assume that a change of processes is detectable by a
change in the PID --- if I kill off the original holder of a PID, I can
claim that PID by forking until the OS re-uses it for my own process.

Even if the system uses randomized PIDs (a cool idea), I will still
eventually receive the one I want, and until I do (we're probably talking
seconds), I can keep the service I'm backdooring running on a different PID.

-----------------------------------------------------------------------------
Thomas H. Ptacek           The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf    "If you're so special, why aren't you dead?"
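
A daemon check that takes the warning above into account, as an added example that is not part of the original post: it identifies the process by start time, parent and executable inode as well as PID, so a reused PID still shows up as a different process. It assumes a Linux-style /proc (the post names no operating system); the function names and the sample stat lines are constructed for illustration.

```python
import os
from typing import NamedTuple, Optional, Tuple

class ProcIdentity(NamedTuple):
    pid: int
    ppid: int
    starttime: int                   # field 22 of stat: clock ticks after boot
    exe: Optional[Tuple[int, int]]   # (device, inode) behind /proc/<pid>/exe

def parse_stat(text: str) -> Tuple[int, int, int]:
    """Return (pid, ppid, starttime) from the text of /proc/<pid>/stat."""
    # comm (field 2) is set by the process and may contain spaces or ')',
    # so split on the LAST ')' rather than on whitespace.
    lpar, rpar = text.index("("), text.rindex(")")
    rest = text[rpar + 1:].split()   # rest[0] is field 3 (state)
    return int(text[:lpar]), int(rest[1]), int(rest[19])

def snapshot(pid: int, proc: str = "/proc") -> Optional[ProcIdentity]:
    """Record who currently holds `pid`; None if nobody does."""
    try:
        with open(f"{proc}/{pid}/stat") as f:
            _, ppid, start = parse_stat(f.read())
    except (OSError, ValueError, IndexError):
        return None
    try:
        st = os.stat(f"{proc}/{pid}/exe")
        exe = (st.st_dev, st.st_ino)
    except OSError:                  # no permission, or no executable
        exe = None
    return ProcIdentity(pid, ppid, start, exe)

def differences(baseline: ProcIdentity, current: Optional[ProcIdentity]) -> list:
    """List the reasons `current` is not the process that was baselined."""
    if current is None:
        return ["process gone"]
    return [f"{name} changed" for name in ("pid", "starttime", "exe", "ppid")
            if getattr(baseline, name) != getattr(current, name)]

# Constructed sample: PID 1234 before and after, same PID, later start time.
TAIL = "1234 1234 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 1 0 {start} 1000000 200"
BEFORE = "1234 (sshd) S 1 " + TAIL.format(start=8675)
AFTER = "1234 (sshd) S 1 " + TAIL.format(start=912340)

if __name__ == "__main__":
    old = ProcIdentity(*parse_stat(BEFORE), None)
    new = ProcIdentity(*parse_stat(AFTER), None)
    print(differences(old, new))
```

A monitor would store the `snapshot()` result when the daemon is known to be good and alert on any non-empty `differences()` result afterwards.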
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:55 PDT