Date: Mon, 3 Nov 1997 14:16:14 +1030 From: Greg Lehey <grog@lemis.com> To: benedict@echonyc.com Cc: Mikael Karpberg <karpen@ocean.campus.luth.se>, freebsd-hackers@FreeBSD.ORG Subject: Re: Recovering Lost Inode? Message-ID: <19971103141614.48001@lemis.com> In-Reply-To: <Pine.NXT.3.96.971102223050.416A-100000@multivac.narcissus.net>; from Snob Art Genre on Sun, Nov 02, 1997 at 10:31:55PM -0400 References: <199710290207.DAA07672@ocean.campus.luth.se> <Pine.NXT.3.96.971102223050.416A-100000@multivac.narcissus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 02, 1997 at 10:31:55PM -0400, Snob Art Genre wrote: > > On Wed, 29 Oct 1997, Mikael Karpberg wrote: > >> But, _if_ he had not killed the daemon, it would still be holding a >> reference to the file. Maybe that could help, somehow? >> >> Is there in the case you know a program is holding a reference to a file, >> but the file has no link from a directory, any possibility of doing >> something like (after "kill -STOP" on the program, if it might terminate) >> >> syscall_saveme(procnum, the_procs_fd_for_the_file, "filename") >> >> as root to add a reference to the file referenced by a process? >> >> Or maybe something like >> >> syscall_copy_fds(procnum) >> >> that would allows a program get a copy of a running proc's filedescriptors >> (like if it was forked from the proc). The second thing should allow for >> reading it and copying it to a file, or possibly link it to a name, although >> I can't think of a nice call to do that with, right now. >> >> If this is not possible right now, would it be hard to do, and does it >> add any security holes? It seems it should, but I can't think of one. > > If we could attach debuggers to running processes like in Mach, this would > be trivial, no? Well, I don't know if it would be trivial, and I don't know if it's like Mach, but sure we can attach debuggers to running processors: === root@freebie (/dev/ttyp3) /usr/ports/print/ghostscript4 135 -> gdb GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc. (gdb) attach 238 Attaching to process 238 0x202b7461 in ?? () (gdb) bt #0 0x202b7461 in ?? () #1 0x444e in ?? () #2 0x4517f in ?? () #3 0x499af in ?? () #4 0x44012 in ?? () #5 0x8d838 in ?? () #6 0x43be5 in ?? () #7 0x8d49a in ?? () #8 0x43bb0 in ?? () #9 0x437eb in ?? () #10 0x438e1 in ?? () #11 0x4282d in ?? () #12 0x1095 in ?? () (gdb) q The program is running. Quit anyway (and detach it)? (y or n) y Detaching from program: process 238 === root@freebie (/dev/ttyp3) /usr/ports/print/ghostscript4 136 -> Admittedly, it's a well-kept secret :-) Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971103141614.48001>