I have updated the process hiding kernel patch described in my previous post. The following patch was created for a vanilla kernel 2.6.27.10 from kernel.org. You should also be able to patch future kernel versions, as it is a super simple single-line patch: just modify one line in the proc_pid_instantiate function of fs/proc/base.c.
diff -U8 -r linux-2.6.27.10/fs/proc/base.c linux-2.6.27.10-prochide/fs/proc/base.c --- linux-2.6.27.10/fs/proc/base.c 2008-12-18 18:13:59.000000000 +0100 +++ linux-2.6.27.10-prochide/fs/proc/base.c 2008-12-21 04:09:32.000000000 +0100 @@ -2642,17 +2642,17 @@ { struct dentry *error = ERR_PTR(-ENOENT); struct inode *inode; inode = proc_pid_make_inode(dir->i_sb, task); if (!inode) goto out; - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; inode->i_nlink = 2 + pid_entry_count_dirs(tgid_base_stuff, ARRAY_SIZE(tgid_base_stuff)); dentry->d_op = &pid_dentry_operations; |
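Review bot: The new mode on the `inode->i_mode` line, `S_IFDIR|S_IRUSR|S_IXUSR`, is hard-coded with no comment and no switch, so every kernel built with this patch gives the per-process directory mode 0500 unconditionally. A short comment stating the intent (owner-only access to the per-process directory) and a config option or boot parameter to restore `S_IRUGO|S_IXUGO` would make the change easier to maintain and to carry forward to later kernels. Only the mode changes in this hunk: the inode and dentry are still instantiated exactly as before, so the effect is an access restriction on the directory for users other than its owner, not removal of the entry. The hunk also touches only this one assignment; any other code path that sets `i_mode` for these inodes is not visible here and should be checked so the two stay consistent.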
All menu configuration options have been stripped from this patch. This is the simplest way to accomplish process hiding in a modern Linux system. No further explanation is needed.
current patch: prochide-simple-patch_2.6.27.10.diff