2,257
edits
Changes
Jump to navigation
Jump to search
→Usage ideas
Line 77:
Line 77:
−== Usage ideas ==
−One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
−* Check socket FDs to get stuck/closed by polling them
−* Apply "logrotate" on the fly
−* Garbage collector
−* Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
−** Remote swap for task
−** WSS detection
−Another is to do some activity on the victim and then just unload. With this we can
−* Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
−* Binary updates. E.g. live patching or libs relink
−* Tunneling -- replace opened socket with unix one, and send the former one to the caller
−** Inject socket spy
−** Pack/Unpack
−** Crypt/Decrypt
−** Traffic analyzer
−** Traffic fanout (multiplex)
−* The same for files on disks -- proxy via pipe(s)
−** Filter/split logs
−* Do "nohup" on the fly
−* Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
−* Re-connect sleeping sockets to other addresses (not 100% safe)
−* "Soft" restart of a service -- call execve() from it's context
−* Force entering into CT (except pid namespace, probably)
−* Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
−* Remove leaks from e.g. malloc/free heap
−* Force reparent (pid change!)
−** Re-open all files -- force daemonize
[[Category:Compel]]
[[Category:Compel]]