RE: binary switching, no killing

From: Dom De Vitto (Dom@DeVitto.com)
Date: 09/23/01

Previous message: Alfred Huger: "Re: Decompiler"
In reply to: Craig Holmes: "binary switching, no killing"
Next in thread: David Ford: "Re: binary switching, no killing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Dom De Vitto" <Dom@DeVitto.com>
To: <pen-test@securityfocus.com>
Subject: RE: binary switching, no killing
Date: Sun, 23 Sep 2001 19:30:35 +0100
Message-ID: <NDBBJOKICOHGIJLJDFEJKEIJDEAA.Dom@DeVitto.com>

It's quite possible, with support from the original application.
But when the original apps help, you'd need some cunning kernel
magic to "swap" process ids (which would come with lots of kernel
table entries, etc.).

Hmmm, unless the bit of code you want to switch is part of a DLL
- then you may be able to mmap the dll and hand-modify the code.
Hmmm, thinking about it, you could do the same with a vi /proc/...

Lots of ways, all tricky, but possible.

Dom
-----Original Message-----
From: Craig Holmes [mailto:Leusent@home.com]
Sent: 23 September 2001 04:08
To: pen-test@securityfocus.com
Subject: binary switching, no killing

Hi Listmembers,
Me and some friends have created a small irc network in which we are
implementing ssl encryption between client and server. Our original ircd did
not have this feature and now our new ircds do. The problem is in upgrading,
the whole ircd must be killed and a new one started, which causes all
clients
to drop. My question is, is it possible to almost "hijack" a process, and
switch the binary without losing the pid & tcp/ip connections? Is this a
crazy and impossible idea, or has it been done?

Any help would be appreciated!

Thanks in advance,
Craig Holmes

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Previous message: Alfred Huger: "Re: Decompiler"
In reply to: Craig Holmes: "binary switching, no killing"
Next in thread: David Ford: "Re: binary switching, no killing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: faster scans? (nmap)
... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: pen test help please asap
... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
Re: ettercap help
... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
Re: ettercap help
... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Wardialing
... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)