Changes

1,390 bytes removed ,  09:32, 22 September 2016
Line 77: Line 77:       −
== Usage ideas ==
  −
  −
One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
  −
  −
* Check socket FDs to get stuck/closed by polling them
  −
* Apply "logrotate" on the fly
  −
* Garbage collector
  −
* Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
  −
** Remote swap for task
  −
** WSS detection
  −
  −
Another is to do some activity on the victim and then just unload. With this we can
  −
  −
* Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
  −
* Binary updates. E.g. live patching or libs relink
  −
* Tunneling -- replace opened socket with unix one, and send the former one to the caller
  −
** Inject socket spy
  −
** Pack/Unpack
  −
** Crypt/Decrypt
  −
** Traffic analyzer
  −
** Traffic fanout (multiplex)
  −
* The same for files on disks -- proxy via pipe(s)
  −
** Filter/split logs
  −
* Do "nohup" on the fly
  −
* Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
  −
* Re-connect sleeping sockets to other addresses (not 100% safe)
  −
* "Soft" restart of a service -- call execve() from it's context
  −
* Force entering into CT (except pid namespace, probably)
  −
* Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
  −
* Remove leaks from e.g. malloc/free heap
  −
* Force reparent (pid change!)
  −
** Re-open all files -- force daemonize
      
[[Category:Compel]]
 
[[Category:Compel]]
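
Review bot: The whole "Usage ideas" section is deleted here, from the heading at line 77 through the "Force reparent" item, and nothing visible on this page says where the content went. If the list was moved to another page, leave a one-line pointer to it in this article; if it was dropped as outdated, state that in the edit summary. The removed list also carries the only qualifiers for some items ("not 100% safe" on re-connecting sleeping sockets, "pid change!" on force reparent, "except pid namespace, probably" on entering a CT), so those caveats should stay attached to the items wherever the list ends up.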