Penetration Testing mailing list archives
Re: binary switching, no killing
From: Andrew Brown <atatat () atatdot net>
Date: Mon, 24 Sep 2001 19:07:49 -0400
> Me and some friends have created a small irc network in which we are implementing ssl encryption between client and server. Our original ircd did not have this feature and now our new ircds do. The problem is in upgrading, the whole ircd must be killed and a new one started, which causes all clients to drop. My question is, is it possible to almost "hijack" a process, and switch the binary without losing the pid & tcp/ip connections? Is this a crazy and impossible idea, or has it been done?
been there, done that. you *definitely* need application support for it. my (unix) solution was thus:

* mark all file descriptors for non-close-on-exec
* set up a signal handler for sighup (any signal will do)
* upon receipt of signal, set a flag and return (exit signal handler)
* server's main loop notes flag is set and...
* opens a udp socket on the loopback interface
* sets the send/recv buffers to really really large
* sends server state as one large datagram to itself
* execs new server with socket fd as an argument (preserving pid)
* new server reads and restores server state from udp socket

the new server now picks up where the old server left off, with dns cache info, unresolved dns queries still pending, open connections and listening sockets, etc. it's tricky, but it works once you get it right.

the ssl thing might make it difficult, though.

--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org * "ah! i see you have the internet that goes *ping*!"
twofsonet () graffiti com (Andrew Brown)
andrew () crossbar com * "information is power -- share the wealth."
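The sequence listed in the reply above, carried through in C as an added example (not code from the post or its author). The `struct state` layout, the version check, the 1 MiB buffer size and the function names are assumptions made for illustration, and the `dup` of stdout stands in for a client connection.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define STATE_VERSION 1u
struct state { unsigned version; int client_fd; unsigned long upgrades; }; /* hypothetical */
static volatile sig_atomic_t upgrade_requested;
static void on_hup(int sig) { (void)sig; upgrade_requested = 1; } /* set flag, return */
int keep_across_exec(int fd) { /* clear FD_CLOEXEC so fd stays open across exec */
    int fl = fcntl(fd, F_GETFD);
    return fl < 0 ? -1 : fcntl(fd, F_SETFD, fl & ~FD_CLOEXEC);
}
int save_state(const struct state *st) { /* old image: state as one datagram to itself */
    struct sockaddr_in a = { .sin_family = AF_INET,  /* port 0: kernel picks a free one */
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    int big = 1 << 20, s = socket(AF_INET, SOCK_DGRAM, 0);
    setsockopt(s, SOL_SOCKET, SO_SNDBUF, &big, sizeof big); /* "really large" buffers */
    setsockopt(s, SOL_SOCKET, SO_RCVBUF, &big, sizeof big);
    if (bind(s, (struct sockaddr *)&a, sizeof a) == 0 &&
        getsockname(s, (struct sockaddr *)&a, &len) == 0 &&
        connect(s, (struct sockaddr *)&a, sizeof a) == 0 &&
        send(s, st, sizeof *st, 0) == (ssize_t)sizeof *st && keep_across_exec(s) == 0)
        return s;
    close(s);
    return -1;
}
int restore_state(int s, struct state *st) { /* new image: reject bad size or version */
    ssize_t n = recv(s, st, sizeof *st, 0);
    close(s);
    return n == (ssize_t)sizeof *st && st->version == STATE_VERSION ? 0 : -1;
}
int main(int argc, char **argv) {
    struct state st = { STATE_VERSION, -1, 0 };
    char arg[16];
    if (argc > 1 ? restore_state(atoi(argv[1]), &st) < 0 /* fd number from old image */
                 : (st.client_fd = dup(STDOUT_FILENO)) < 0) return 1; /* stand-in client */
    keep_across_exec(st.client_fd);
    dprintf(st.client_fd, "pid %d, upgrades so far: %lu\n", (int)getpid(), st.upgrades);
    signal(SIGHUP, on_hup);
    while (!upgrade_requested) pause(); /* stand-in for the server's main loop */
    st.upgrades++;
    snprintf(arg, sizeof arg, "%d", save_state(&st)); /* on failure the new image exits */
    execl(argv[0], argv[0], arg, (char *)NULL); /* same pid, new image, fds intact */
    return 1;
}
```

Started without arguments and sent SIGHUP, the process re-executes itself and prints the same pid with the counter incremented, writing through the descriptor it inherited.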