Bug#520254: unhide: segfault when using "unhide brute"
Hi.

I'm having the same problems with "unhide brute" (at least with the current Debian sid package).
If you need some help with testing, please do not hesitate to ask me ;)

Regards,
Chris.

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#520254: unhide: segfault when using "unhide brute"
On Monday 30 March 2009 21:37:41, Yago Jesus wrote:
> OK, let me check the health of your vfork() function.
>
> You can find attached in this e-mail a test program called vfork-test.c.
>
> Usage:
>
> #gcc vfork-test.c -o vfork-test
>
> #./vfork-test
>
> ---
>
> Please, send me the output (if it is OK, you will see nothing)
>
> Note: Execute the program a few times (because time() is not perfect)
>

Hi Yago,

I have performed the fork test about 20 times. There was never a message, so it runs through correctly.

Cheers
Michael
Bug#520254: unhide: segfault when using "unhide brute"
OK, let me check the health of your vfork() function.

You can find attached in this e-mail a test program called vfork-test.c.

Usage:

#gcc vfork-test.c -o vfork-test

#./vfork-test

---

Please, send me the output (if it is OK, you will see nothing)

Note: Execute the program a few times (because time() is not perfect)

2009/3/28 Singer, Michael

> Hi Francois,
> Hi Yago,
> Thank you for building the Debian package unhide. I have the
> package "unhide_20080519-5 ~ debianbug-520254_amd64.deb" installed and
> ran a trace with the command "strace -o unhide.txt unhide-linux26
> brute". Unfortunately unhide ends again with a memory access error.
>
> Do you need more information?
>
> Cheers
> Michael
>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/wait.h>

int main ()
{
    int vpid;
    int status;
    time_t vforking;
    time_t waiting;

    /* Parenthesised so that vpid receives the PID, not the result of the comparison. */
    if ((vpid = vfork()) == 0) {
        /* Child: shares the parent's memory, so this write is visible to the parent. */
        vforking = time(NULL);
        sleep(10);
        _exit(2);
    }

    /* Parent: vfork() keeps it suspended until the child has called _exit(). */
    waiting = time(NULL);
    if (waiting - vforking != 10) {
        printf("if you see this message something is wrong with vfork\n");
    }

    waitpid(vpid, &status, 0);
    exit (1);
}
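Added example, not part of the original message or of unhide: a variant of the vfork() check above that does not depend on the one-second resolution of time() or on the child writing to the parent's variables. The parent measures with CLOCK_MONOTONIC how long vfork() kept it suspended while the child sleeps; the names probe_vfork and vfork_is_healthy, the 1-second sleep and the 100 ms tolerance are assumptions of this example.

```c
#define _DEFAULT_SOURCE 1   /* expose vfork() under strict -std= modes */
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
/* Assumed values for this example: 1 s sleep (the original used 10 s). */
#define CHILD_SLEEP_SEC 1
#define CHILD_EXIT_CODE 2

struct vfork_result {
    long elapsed_ms;   /* how long the parent was held inside vfork() */
    int  child_exit;   /* child's exit code, -1 if it could not be reaped */
};

/* Hypothetical helper: one vfork() probe; the child writes no variables. */
struct vfork_result probe_vfork(void)
{
    struct vfork_result r = { -1, -1 };
    struct timespec t0, t1;
    int status = 0;
    pid_t pid;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    pid = vfork();
    if (pid == 0) {            /* child: parent stays suspended until _exit() */
        sleep(CHILD_SLEEP_SEC);
        _exit(CHILD_EXIT_CODE);
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    if (pid < 0)
        return r;              /* vfork() itself failed */
    r.elapsed_ms = (t1.tv_sec - t0.tv_sec) * 1000L
                 + (t1.tv_nsec - t0.tv_nsec) / 1000000L;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        r.child_exit = WEXITSTATUS(status);
    return r;
}

/* Healthy: parent was held for about the child's sleep and status matches. */
int vfork_is_healthy(struct vfork_result r)
{
    return r.elapsed_ms >= CHILD_SLEEP_SEC * 1000L - 100
        && r.child_exit == CHILD_EXIT_CODE;
}

int main(void)
{
    struct vfork_result r = probe_vfork();
    printf("parent held %ld ms, child exit %d\n", r.elapsed_ms, r.child_exit);
    return vfork_is_healthy(r) ? 0 : 1;
}
```

A healthy vfork() reports roughly 1000 ms and exit code 2; an elapsed time near zero means the parent was not suspended while the child ran.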
Bug#520254: unhide: segfault when using "unhide brute"
On 2009-03-27 at 19:44:19, Singer, Michael wrote:
> What exactly should I do with the file "unhide linux26.c"? Unfortunately
> I am not yet ready to build a Debian package. Can you explain the steps I
> need to follow to test the new version of unhide?

Hi Michael,

I have built a test package for you here:

http://people.debian.org/~francois/unhide_20080519-5~debianbug-520254_amd64.deb

The test that Yago wanted you to do is with the unhide-linux26 command inside that new version of the package.

Cheers,
Francois
Bug#520254: unhide: segfault when using "unhide brute"
On Thursday 26 March 2009 21:52:10, yago jesus wrote:
> Please, try this version of unhide
>

Hi yago,

Thanks for your quick reply. I do not know exactly what I should do. What exactly should I do with the file "unhide linux26.c"? Unfortunately I am not yet ready to build a Debian package. Can you explain the steps I need to follow to test the new version of unhide?

Cheers
Michael
Bug#520254: unhide: segfault when using "unhide brute"
Please, try this version of unhide

2009/3/26 Singer, Michael

> Hi Francois,
> here the answers to your questions.
>
> 1)
> # uname -a
> Linux bluelupomobile 2.6.29-0.slh.1-sidux-amd64 #1 SMP PREEMPT Tue Mar 24 01:15:50 UTC 2009 x86_64 GNU/Linux
>
> 2) normal installation of Sidux (based on Debian SID)
>
> 3) root
>
> 4) unhide.txt is attached to this email (compressed)
>
> Cheers
> Michael
>

/* Unhide yje...@security-projects.com */

/* The archived copy lost the names of the 12 headers; these are the ones the visible code needs. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <dirent.h>
#include <sys/types.h>
#include <sys/stat.h>

#define COMMAND "nice -20 ps axHo sess,pid | awk '{ print $2 }' | grep -v PID"
#define SESSION "ps axHo sess,pid | awk '{ print $1 }' | grep -v SESS"
#define PGID "ps axHo pgid,pid | awk '{ print $1 }' | grep -v PGID"

// sysctl kernel.pid_max
int maxpid= 32768;

/* Returns 1 when /proc/<pid>/task holds more than 3 entries (".", ".." and at least two tasks). */
int isfaked(int pidtmp)
{
    int count;
    struct dirent *ptr;
    DIR *dirp;
    char path[1000];

    sprintf(path, "/proc/%i/task", pidtmp);
    errno = 0;
    dirp = opendir(path);
    count = 0;
    if (errno == 0) {
        while ((ptr = readdir(dirp)) != NULL) {
            count++;
        }
        closedir(dirp);   /* release the directory handle */
        if (count > 3) { return(1); }
        else { return(0); }
    }
    else { return(0); }
}

/* Looks for tmppid in the ps output; reports it as hidden when ps does not list it. */
void checkps(int tmppid, int morechecks)
{
    int ok = 0;
    char pids[30];
    char sessionpids[30];
    char pgidpids[30];
    char compare[100];
    char comparesession[100];
    char comparepgid[100];
    FILE *fich_tmp;

    /* Pass 1: PID column of ps. Stop at the first match or when fgets() has no more lines. */
    fich_tmp = popen(COMMAND, "r");
    sprintf(compare, "%i\n", tmppid);
    while (ok == 0 && fgets(pids, 30, fich_tmp) != NULL) {
        if (strcmp(pids, compare) == 0) { ok = 1; }
    }
    pclose(fich_tmp);

    if (morechecks == 1) {
        /* Pass 2: session IDs. */
        FILE *fich_session;
        fich_session = popen(SESSION, "r");
        sprintf(comparesession, "%i\n", tmppid);
        while (ok == 0 && fgets(sessionpids, 30, fich_session) != NULL) {
            if (strcmp(sessionpids, comparesession) == 0) { ok = 1; }
        }
        pclose(fich_session);

        /* Pass 3: process group IDs. */
        FILE *fich_pgid;
        fich_pgid = popen(PGID, "r");
        sprintf(comparepgid, "%i\n", tmppid);
        while (ok == 0 && fgets(pgidpids, 30, fich_pgid) != NULL) {
            if (strcmp(pgidpids, comparepgid) == 0) { ok = 1; }
        }
        pclose(fich_pgid);
    }

    if (ok == 0) {
        int faked;
        int statuscmd;
        char cmd[100];

        faked = isfaked(tmppid);
        if (faked == 0) {
            struct stat buffer;

            printf("Found HIDDEN PID: %i\n", tmppid);
            sprintf(cmd, "/proc/%i/cmdline", tmppid);
            statuscmd = stat(cmd, &buffer);
            if (statuscmd == 0) {
                FILE *cmdfile;
                char cmdcont[1000];

                cmdfile = fopen(cmd, "r");
                if (cmdfile != NULL) {
                    /* Print only what fgets() actually read; an empty cmdline prints nothing. */
                    while (fgets(cmdcont, 1000, cmdfile) != NULL) {
                        printf("Command: %s\n\n", cmdcont);
                    }
                    fclose(cmdfile);
                }
            }
        }
    }
}

void checkproc()
{
    int procpids;
    int statusproc;
    struct stat buffer;

    printf("[*]Searching for Hidden processes through /proc scanning\n\n");
    for (procpids = 1; procpids <= maxpid; procpids = procpids + 1) {
        char directory[100];