Subject: command line
To: None <>
From: Felix Zaslavskiy <>
List: tech-security
Date: 03/11/2003 18:53:22
i been wondering.
consider if program executes this call

execl("/bin/sh", "echo", NULL);

Say this was remote backdoor then the "echo" is used to mask the fact
that there is a shell running.
I tried this but ps program displayed.   echo (sh)
I wonder where that (sh)  came from.
Also is there an easy way to circumvent addition of that (sh)?  What if
process forks does it stay?