Subject: command line
To: None <email@example.com>
From: Felix Zaslavskiy <firstname.lastname@example.org>
Date: 03/11/2003 18:53:22
i been wondering.
consider if program executes this call
execl("/bin/sh", "echo", NULL);
Say this was remote backdoor then the "echo" is used to mask the fact
that there is a shell running.
I tried this but ps program displayed. echo (sh)
I wonder where that (sh) came from.
Also is there an easy way to circumvent addition of that (sh)? What if
process forks does it stay?