2007-06-26

the question was whether a process can have root privs without them
being visible in normal system tools.

this is indeed possible by a process that relies on the real-uid setting
functions (and that way can restore root privs when necessary).

an open question is whether a process can hide the root privs afterwards
but this should be easily possible since that is the test that is done
here as well.

---

so, an idea for a tool is to go through all the processes in the system
and compare their UIDs to what they could be (status).

in the process, the tool should also check for the capability bits as
these are in reality used by the kernel as authorization mechanism.