us is a Linux program, written in C, that simulates the program su. All filesystem modifications are simulated and do not affect the real system.
- Use a modified version of chroot that can run in user space.
- Have us mimic the user's directory structure in this chroot.
- Have it use modified versions of ls and other tools that report information such as file sizes (since all files in the chroot will just be touched and empty).
- us will do frivolous reads and writes in tmp space to simulate heavy disk usage for specific commands (rm, cp).
- Have everything happen within us.
- us constructs the command prompt and environment. (probably can have bash do this and mimic it in us)
- us receives all input commands. It handles only the commands that have been specifically addressed, making system calls for some commands while doing its own thing for others.
- The fake directory structure is held in a data structure, which is what the user sees and manipulates instead of the real thing.
- Have everything happen as normal, but us catches certain commands and modifies the behaviour.
- Is this possible? Am I forgetting stuff?
- Display the expected prompt in the us program. This will require the appropriate shell configuration file to be scanned for the prompt settings, special commands, etc.
- The file system needs to be mimicked. There are two ways to handle this. One way is to database everything and remember where the user is moving. The second way is to allow the program to make system calls, but limit which commands are run.
- For commands that we don't want run, we need good output messages as to why they can't be run.
- For commands that we want them to run, we might want to run everything into /dev/null or a hidden directory where everything is saved. This is dependent on how malicious we want to be.
- Add in functionality that will help trick people into installing the program.
- tmp space reading/writing to generate hard drive read/write noise.
- cached filesystem where the actual changes are made (held in some data structure)?
- Modified ls, rm, etc. commands that report changes after having entered us?
- /dev/zzus: fake device that will exist in the fake shell. The first thing one should do after doing the fake su is check for the presence (ls /dev) of the zzus device to make sure that you are not in an actual root session, as very very bad things could occur. The presence of this device will not be noticeable to the spectator who is watching their system being destroyed.
- The point of using this would be when you sit at someone else's *nix box. Just renaming the us command, getting it onto their computer, executing it, and typing some misc password that it accepts is not too convincing unless they believe that you have already obtained their password. The other problem is that we are going to need some time to create a cache of the directory tree.
- A better scenario:
- Tell your friend/enemy that you want to install this neato program on their computer.
- So you load the fake su on and it is named something like neato_app_intall.
- This program acts like it is going through an install process with some indication of progress. What it will really be doing is indexing the directory tree on their system. After it finishes it will give an ERROR saying that you need to be root to execute the install process.
- You type su and ask your friend to type in their password so the neato app can install. After they type it in you will be dropped back to the command shell.
- At this point you don't have to pretend to be installing that neato app; you can start your reign of destruction.
- The first thing you do is an ls /dev to verify that the zzus device exists and that you are actually in the fake root and not a real root shell.
- Do whatever you want that will get your friend's heart beating fast.
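
Seen from the spectator's side, the scenario above only works if nobody checks what actually runs when `su` is typed. The following is an added example, not part of the original notes: a POSIX shell check that the `su` found on PATH sits in a system directory and is a root-owned setuid file. The function names and the trusted directory list are assumptions.

```sh
#!/bin/sh
# Added example: is the "su" this shell would run the system binary?
TRUSTED_DIRS="/bin /usr/bin /sbin /usr/sbin"   # assumed install locations

# resolve_cmd NAME [PATH]: print the first executable NAME found on PATH.
resolve_cmd() {
    name=$1; search=${2:-$PATH}
    old_ifs=$IFS; IFS=:
    for dir in $search; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# in_trusted_dir FILE: succeed if FILE sits directly in a trusted directory.
in_trusted_dir() {
    parent=$(dirname "$1")
    for t in $TRUSTED_DIRS; do
        [ "$parent" = "$t" ] && return 0
    done
    return 1
}

# root_setuid FILE: succeed if FILE is a regular file owned by uid 0 with the
# setuid bit, which an unprivileged user-space program cannot create.
root_setuid() {
    [ -n "$(find "$1" -prune -type f -user 0 -perm -4000 -print 2>/dev/null)" ]
}

# check_su [PATH]: 0 = plausible system su, 1 = suspicious, 2 = not found.
check_su() {
    target=$(resolve_cmd su "${1:-$PATH}") || { echo "su: not found"; return 2; }
    if in_trusted_dir "$target" && root_setuid "$target"; then
        echo "ok: $target"; return 0
    fi
    echo "suspicious: $target"; return 1
}
```

Source the file and call `check_su` before typing a password into a prompt someone else started. An alias or shell function named su bypasses PATH lookup, so also inspect the output of `type su` in the interactive shell.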