I am trying to create a process which can't be killed even by "kill -9", which can be useful in attack-defense mode CTF, I tried this https://unix.stackexchange.com/questions/134888/simulate-an-unkillable-process-in-d-state but it seems fixed in kernel after 2.6.25 http://www.ibm.com/developerworks/library/l-task-killable/ so I wonder if there is any way to create a unkillable process with no-root privilege in linux? thank you. (first time to ask question in stackoverflow...I'm feeling a little nervous...)
Asked
Active
Viewed 2,041 times
0
-
No. That would be horribly dangerous. Or *yes*, but it's number `1`. – Elliott Frisch Oct 21 '14 at 06:56
-
If there is such a method, it should be reported as a bug in Linux. – John Zwinck Oct 21 '14 at 07:10
2 Answers
2
Should by no means be possible, such a possibility is not simply a bug but also an important vulnerability.
darkmutt
- 41
- 3
0
Theoretically root can kill any process. All other processes can only be killed by their owner. If you don't want a process to be killable, create a user that has and impossible password (one nobody needs to remember) and then get root to start the process with something like this: (root won't be asked to provide a password but 'su' will change to that user)
su newacct ksh -c "/home/newacct/bin/theProcessToStart.ksh and its parameters"
su - newacct ksh -c "/home/newacct/bin/theProcessToStart.ksh and its parameters"
The dash says that you should execute the .profile of that user. It depends if you want to or not. (You don't have to execute a script, but I assumed you were likely to in this example.)
This way, nobody but root can kill this process because nobody can become that user.
You might want to google how to make an undecryptable password in /etc/shadow. It's easy.
cpu
- 567
- 4
- 6