When you are attacking an xinetd-based process model, there’s no reliable way to know if the child process seg-faulted. The accept’ing socket is always alive and GDB’s follow-fork-mode doesn’t quite help us with this since child processes are being spawned and killed all the time.
Well, you could run xinetd in foreground mode (using -dontfork), but that still doesn’t tell us the exit status of the child processes that are responding to incoming requests. What we need is a version of xinetd that tells us reliably that the child process died. Armed with that knowledge and correlating back to the attacks that caused the segfault, we can then fire up our favorite debugger to inspect the root cause of the problem.
Yeah, we could go through all the dup2, fork nastiness in C. Why bother? The following ruby snippet pretty much does what we need in under 16 lines. Granted that the port number to listen on and the program to exec are hard coded, but it gives us what we need.
require 'socket' server = TCPServer.new 12345 loop do connect = server.accept if fork.nil? $stdout.reopen connect $stdin.reopen connect $stderr.reopen connect exec '/usr/libexec/ftpd', '-d' end puts "coredump" if Process.wait2[1].coredump? connect.close end
Ruby’s IO#reopen is the equivalent of dup2. We wait for an incoming connection, dup the IO objects so that stdout, stdin and stderr are all pointing to the TCP socket and then exec the process. In the parent process, we invoke wait2 which returns an array of [pid, status].
Here’s a fuller version that allows you to pass in the listening port as well as the command to run as arguments.
Pingback: Google Redirect Fix
Pingback: cool caravans
Pingback: Nature Inspiration
Pingback: guaranteed rankings
Pingback: Siesta Key Vacation Rentals
Pingback: Dallas Senior Portrait Photographer
Pingback: pre workout supplements
Pingback: American Antigravity
Pingback: best creatine supplements
Pingback: best bcaa
Pingback: webcam chat
Pingback: simran possessed
Pingback: Phil Cannella
Pingback: flights to pakistan
Pingback: Ross Pine
Pingback: womens handbags
Pingback: mflb
Pingback: Dr.Shams Eye Care Clinic
Pingback: online registry cleaner
Pingback: how to stop being lazy
Pingback: the cost of abortion
Pingback: watch free movies online
Pingback: Porn forum
Pingback: money
Pingback: ibuildfans.com
Pingback: Legal Herbs
Pingback: Bangkok flower
Pingback: free ipad
Pingback: online car loan
Pingback: pozyczki chwilowki
Pingback: Roswell Garage Door Repair
Pingback: legal protection insurance
Pingback: Orlando Chiropractor
Pingback: check this
Pingback: Phoenix
Pingback: Bed linen
Pingback: Omega 3
Pingback: Los Angeles short sale
Pingback: studying abroad
Pingback: Costa Rica Car Rental Reviews
Pingback: modern furniture austin
Pingback: Hotel Special Offers
Pingback: Miami moving
Pingback: where to sell scrap gold
Pingback: buy neopoints
Pingback: Cosmetic Dentist NYC
Pingback: ONLINE PSYCHIC READINGS
Pingback: cheap london escorts
Pingback: Escort girl Paris
Pingback: Jesse V.
Pingback: Burlesque Dessous
Pingback: Chicago immigration attorney
Pingback: Scrapebox lists
Pingback: wholesale virgin remy hair
Pingback: refficx
Pingback: designer engagement rings
Pingback: spamfilter
Pingback: noclegi zakopane
Pingback: Best Treatments for Acne Scars - how to treat acne scars?
Pingback: security training courses
Pingback: LUXURY HOMES IN CALIFORNIA
Pingback: Dead Sea Spa Magik
Pingback: cars
Pingback: gynexin
Pingback: jiu jitsu tampa
Pingback: bank teller resume
Pingback: serotonin is
Pingback: PowerPoint Course
Pingback: homebase business
Pingback: income at home
Pingback: hobby toys
Pingback: mixed martial arts
Pingback: Harrison Prestipino
Pingback: icf wall bracing
Pingback: coleman grill stove
Pingback: become total man magnet
Pingback: commercial building inspection
Pingback: commercial inspections
Pingback: Post
Pingback: dog snuggie
Pingback: earn money
Pingback: hair and beauty jobs
Pingback: surgical loupes
Pingback: Notarztkurs Sylt
Pingback: nikon d5000 review
Pingback: Scott Tucker Payday Loans
Pingback: Scott Tucker Payday Loans
Pingback: Scott Tucker Payday Loans
Pingback: Mizuno Baseball Cleats
Pingback: electrician
Pingback: holiday home insurance
Pingback: movies news
Pingback: Scott Tucker Racing
Pingback: Scott Tucker Racing
Pingback: Scott Tucker CBS
Pingback: rain ponchos
Pingback: Brazzers Password
Pingback: anti bullying slogans
Pingback: specially designed buyer's website
Pingback: REO Real Estate Owned
Pingback: Scott Tucker Racing
Pingback: Scott Tucker CBS
Pingback: Scott Tucker Leawood
Pingback: BPO Companies
Pingback: bpo automation
Pingback: betta fish accessories