Line 77: |
Line 77: |
| | | |
| | | |
− | == Usage ideas ==
| |
− |
| |
− | One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
| |
− |
| |
− | * Check socket FDs to get stuck/closed by polling them
| |
− | * Apply "logrotate" on the fly
| |
− | * Garbage collector
| |
− | * Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
| |
− | ** Remote swap for task
| |
− | ** WSS detection
| |
− |
| |
− | Another is to do some activity on the victim and then just unload. With this we can
| |
− |
| |
− | * Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
| |
− | * Binary updates. E.g. live patching or libs relink
| |
− | * Tunneling -- replace opened socket with unix one, and send the former one to the caller
| |
− | ** Inject socket spy
| |
− | ** Pack/Unpack
| |
− | ** Crypt/Decrypt
| |
− | ** Traffic analyzer
| |
− | ** Traffic fanout (multiplex)
| |
− | * The same for files on disks -- proxy via pipe(s)
| |
− | ** Filter/split logs
| |
− | * Do "nohup" on the fly
| |
− | * Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
| |
− | * Re-connect sleeping sockets to other addresses (not 100% safe)
| |
− | * "Soft" restart of a service -- call execve() from it's context
| |
− | * Force entering into CT (except pid namespace, probably)
| |
− | * Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
| |
− | * Remove leaks from e.g. malloc/free heap
| |
− | * Force reparent (pid change!)
| |
− | ** Re-open all files -- force daemonize
| |
| | | |
| [[Category:Compel]] | | [[Category:Compel]] |
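Review bot: The whole "== Usage ideas ==" section is deleted with nothing on the added side of this hunk, so the list of parasite-code uses (the clone() thread ideas and the act-then-unload ideas) leaves the page with no pointer to where it went. If the section was moved to its own page, add a one-line link above [[Category:Compel]]; if it is being dropped, state that in the edit summary. The removed items also carry the only caveats in this text ("not 100% safe" on re-connecting sleeping sockets, "pid change!" on force reparent), so check that those notes are kept wherever the list ends up.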