Join us

Hiding Linux Processes with Bind Mounts

@faun ・ Jul 28,2024

Stephan Berger recently blogged about hiding Linux processes with bind mounts, using a different directory to overlay the /proc/PID directory to hide an evil process effectively. The method involves using spontaneous processes with low PIDs and names in square brackets from the Linux ps output to disguise the evil process. Refining the approach further, by analyzing all /proc/*/mount entries to program unmounting bind mounted directories efficiently, can help reveal any hidden processes.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

The FAUN

FAUN.dev()

@faun

The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.