From owner-freebsd-hackers Mon May 22 12:16:46 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 267C137B784 for ; Mon, 22 May 2000 12:16:43 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e4MJn5q00527; Mon, 22 May 2000 12:49:05 -0700 (PDT) Date: Mon, 22 May 2000 12:49:04 -0700 From: Alfred Perlstein To: "Aleksandr A.Babaylov" Cc: sh_fazelian@yahoo.com, hackers@FreeBSD.ORG Subject: Re: please hellllllllllllp me! Message-ID: <20000522124904.V28097@fw.wintelcom.net> References: <20000522025901.T28097@fw.wintelcom.net> <200005221457.SAA17979@aaz.links.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200005221457.SAA17979@aaz.links.ru>; from babolo@links.ru on Mon, May 22, 2000 at 06:57:05PM +0400 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Aleksandr A.Babaylov [000522 08:30] wrote: > Alfred Perlstein writes: > > > 2- how I can write somthing in a file that nobody can > > > see them > > > my mean: in crontab adding some command that this is > > > hidden. > > impossible(*) afaik. > possible if use similar to linux emulator method > to redirect open(2) - but it is TOO expansive > and kernel need to be changed IMHO for this Why not just trojan cron or any other deamon to periodically execute some program? After a compromise it's best to just reinstall and audit the rest of your machines. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message