Re: binary switching, no killing

From: Andrew Brown (atatat@atatdot.net)
Date: 09/25/01


Date: Mon, 24 Sep 2001 19:07:49 -0400
From: Andrew Brown <atatat@atatdot.net>
To: Craig Holmes <Leusent@home.com>
Subject: Re: binary switching, no killing
Message-ID: <20010924190749.A15266@noc.untraceable.net>


> Me and some friends have created a small irc network in which we are
> implementing ssl encryption between client and server. Our original ircd did
> not have this feature and now our new ircds do. The problem is in upgrading,
> the whole ircd must be killed and a new one started, which causes all clients
> to drop. My question is, is it possible to almost "hijack" a process, and
> switch the binary without losing the pid & tcp/ip connections? Is this a
> crazy and impossible idea, or has it been done?

been there, done that. you *definitely* need application support for
it. my (unix) solution was thus:

* mark all file descriptors for non-close-on-exec
* set up a signal handler for sighup (any signal will do)
* upon receipt of signal, set a flag and return (exit signal handler)
* server's main loop notes flag is set and...
* opens a udp socket on the loopback interface
* sets the send/recv buffers to really really large
* sends server state as one large datagram to itself
* execs new server with socket fd as an argument (preserving pid)
* new server reads and restores server state from udp socket

the new server now picks up where the old server left off, with dns
cache info, unresolved dns queries still pending, open connections and
listening sockets, etc. it's tricky, but it works once you get it
right.

the ssl thing might make it difficult, though.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
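
The handoff steps listed in the message above, as an added example (not Andrew Brown's code and not part of the original post): a process catches SIGHUP, queues its state on a loopback UDP socket, execs itself with the socket fd as an argument, and the new image restores the state under the same pid. `struct state`, `stash_state` and `restore_state` are hypothetical names, the state values are constructed, and connecting the socket to its own address (so the kernel drops datagrams from other local senders) is an addition the message does not mention.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

struct state { int listen_fd; unsigned long served; };  /* hypothetical; kept-open fd numbers ride along */
static volatile sig_atomic_t upgrade;
static void on_hup(int sig) { (void)sig; upgrade = 1; }  /* set the flag, nothing else */
/* Queue *st on a self-connected loopback UDP socket, clear close-on-exec; returns fd or -1. */
int stash_state(const struct state *st) {
    struct sockaddr_in a = { .sin_family = AF_INET };    /* port 0: kernel picks one */
    struct timeval tv = { 2, 0 };
    socklen_t alen = sizeof a;
    int big = 1 << 20, s = socket(AF_INET, SOCK_DGRAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &alen) < 0 ||
        connect(s, (struct sockaddr *)&a, sizeof a) < 0)  /* peer = self: other senders dropped */
        return -1;
    setsockopt(s, SOL_SOCKET, SO_SNDBUF, &big, sizeof big);
    setsockopt(s, SOL_SOCKET, SO_RCVBUF, &big, sizeof big);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv); /* the reader cannot hang */
    return send(s, st, sizeof *st, 0) == (ssize_t)sizeof *st && !fcntl(s, F_SETFD, 0) ? s : -1;
}
/* New image: accept only a datagram of exactly the expected size; 0 on success. */
int restore_state(int s, struct state *st) {
    ssize_t n = recv(s, st, sizeof *st, 0);
    close(s);
    return n == (ssize_t)sizeof *st ? 0 : -1;
}

int main(int argc, char **argv) {
    struct state st = { -1, 42 };       /* constructed sample state, no real listener */
    char arg[16];
    if (argc > 1) {                     /* re-exec'd image: argv[1] is the state fd */
        if (restore_state(atoi(argv[1]), &st) < 0) return 1;
        return fprintf(stderr, "pid %d resumed, served=%lu\n", (int)getpid(), st.served) < 0;
    }
    signal(SIGHUP, on_hup);
    fprintf(stderr, "pid %d started\n", (int)getpid());
    raise(SIGHUP);                      /* stands in for an operator's kill -HUP */
    while (!upgrade) pause();           /* stands in for the main loop noticing the flag */
    snprintf(arg, sizeof arg, "%d", stash_state(&st));
    execlp(argv[0], argv[0], arg, (char *)NULL);
    return 1;                           /* reached only if exec failed */
}
```

A single IPv4 UDP datagram carries at most 65,507 bytes of payload, so larger state has to be split or passed another way. Because the new image may be a different build, a real handoff should serialize with a version field rather than send a raw struct.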
