Changes

1,390 bytes removed ,  09:32, 22 September 2016
Line 77: Line 77:       −
== Usage ideas ==
  −
  −
One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then
  −
  −
* Check socket FDs to get stuck/closed by polling them
  −
* Apply "logrotate" on the fly
  −
* Garbage collector
  −
* Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
  −
** Remote swap for task
  −
** WSS detection
  −
  −
Another is to do some activity on the victim and then just unload. With this we can
  −
  −
* Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
  −
* Binary updates. E.g. live patching or libs relink
  −
* Tunneling -- replace opened socket with unix one, and send the former one to the caller
  −
** Inject socket spy
  −
** Pack/Unpack
  −
** Crypt/Decrypt
  −
** Traffic analyzer
  −
** Traffic fanout (multiplex)
  −
* The same for files on disks -- proxy via pipe(s)
  −
** Filter/split logs
  −
* Do "nohup" on the fly
  −
* Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
  −
* Re-connect sleeping sockets to other addresses (not 100% safe)
  −
* "Soft" restart of a service -- call execve() from it's context
  −
* Force entering into CT (except pid namespace, probably)
  −
* Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
  −
* Remove leaks from e.g. malloc/free heap
  −
* Force reparent (pid change!)
  −
** Re-open all files -- force daemonize
      
[[Category:Compel]]
 
[[Category:Compel]]