Hi. Jean Christophe ANDRĂ0/00 wrote: >>The problem will be: every command that slapper executes runs with the >>uid of the infiltrated ssl webserver. > So the kill will also run as the same uid...
*bing* Ok, got the point. I forgot that the uid is allowed to kill processes with it's own uid. >>So I guess that in most cases there won't be a chance to issue a "kill" >>or "killall" command. > I don't mean to kill anything else than the virus itself! Managing the > webserver is to far away from what we can do without altering anything > valuable on the server! "killall .bugtraq" would be suitable as well, and it would "destroy" every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason. Bye, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]