Difference between revisions of "Compel"
Jump to navigation
Jump to search
Line 15: | Line 15: | ||
* Inject socket spy -- instead of opened socket create a unix one, put it in place of original one and send the latter back to caller so that any traffic flow in one goes "through" the spy | * Inject socket spy -- instead of opened socket create a unix one, put it in place of original one and send the latter back to caller so that any traffic flow in one goes "through" the spy | ||
* Do "nohup" on the fly | * Do "nohup" on the fly | ||
+ | * Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets | ||
[[Category:Empty articles]] | [[Category:Empty articles]] | ||
[[Category:Sub-projects]] | [[Category:Sub-projects]] |
Revision as of 13:09, 9 February 2016
Usage ideas
One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
- Check socket FDs to get stuck/closed, re-open them and dup2() into original places
- Problem: how to inform the original process about this change
- Apply "logrotate" on the fly
Another is to do some activity on the victim and then just unload. With this we can
- Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
- Binary updates. E.g. live patching or libr relink
- Inject socket spy -- instead of opened socket create a unix one, put it in place of original one and send the latter back to caller so that any traffic flow in one goes "through" the spy
- Do "nohup" on the fly
- Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets