Difference between revisions of "Compel"
Jump to navigation
Jump to search
(make the link visible) |
|||
Line 1: | Line 1: | ||
− | + | Compel GIT repo is at http://github.com/xemul/compel | |
== Usage ideas == | == Usage ideas == |
Revision as of 19:02, 10 February 2016
Compel GIT repo is at http://github.com/xemul/compel
Usage ideas
One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
- Check socket FDs to get stuck/closed by polling them
- Apply "logrotate" on the fly
- Garbage collector
- Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
- Remote swap for task
- WSS detction
Another is to do some activity on the victim and then just unload. With this we can
- Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
- Binary updates. E.g. live patching or libr relink
- Tunneling -- replace opened socket with unix one, and send the former one to the caller
- Inject socket spy
- Pack/Unpack
- Crypt/Decrypt
- Traffic analyzer
- Traffic fanout (multiplex)
- The same for files on disks -- proxy via pipe(s)
- Filter/split logs
- Do "nohup" on the fly
- Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
- Re-connect sleeping sockets to other addresses (not 100% safe)
- "Soft" restart of a service -- call execve() from it's context
- Force entering into CT (except pid namespace, probably)
- Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
- Remove leaks from e.g. malloc/free heap
- Force reparent (pid change!)
- Re-open all files -- force daemonize