Changes

Jump to navigation Jump to search
1,411 bytes added ,  09:32, 22 September 2016
Created page with "== Usage ideas == One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then * Check socket FDs..."
== Usage ideas ==

One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then

* Check socket FDs to get stuck/closed by polling them
* Apply "logrotate" on the fly
* Garbage collector
* Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
** Remote swap for task
** WSS detection

Another is to do some activity on the victim and then just unload. With this we can

* Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
* Binary updates. E.g. live patching or libs relink
* Tunneling -- replace opened socket with unix one, and send the former one to the caller
** Inject socket spy
** Pack/Unpack
** Crypt/Decrypt
** Traffic analyzer
** Traffic fanout (multiplex)
* The same for files on disks -- proxy via pipe(s)
** Filter/split logs
* Do "nohup" on the fly
* Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
* Re-connect sleeping sockets to other addresses (not 100% safe)
* "Soft" restart of a service -- call execve() from it's context
* Force entering into CT (except pid namespace, probably)
* Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
* Remove leaks from e.g. malloc/free heap
* Force reparent (pid change!)
** Re-open all files -- force daemonize

[[Category: Compel]]

Navigation menu