Files? We don't need no steenkin' files.
Dan Kaminsky
dankamin at cisco.com
Thu Mar 22 12:49:04 EST 2001
$ ps -ef | grep sshd
root 285 1 0 Nov 15 ? 0:03 /usr/local/sbin/sshd
root 23740 285 0 16:13:18 ? 0:00 /usr/local/sbin/sshd
root 23875 285 0 16:28:14 ? 0:00 /usr/local/sbin/sshd
user 23905 23899 0 16:28:31 pts/3 0:00 grep sshd
$ ls /usr/local/sbin
/usr/local/sbin: No such file or directory
$ date
Wed Mar 21 16:28:50 PST 2001
$ telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.2.0p1
[Explanation: Unix loads executables into system memory before running
them, so once the process is started--even if it'll eventually fork--the
original executable on the file system can be safely modified or destroyed
without existing processes or daemons even noticing. There is no time limit
to how long a process or a daemon can run straight from memory, and in this
case, up to five months went by without any binary existing on the file
system.
Nobody noticed, of course. OpenSSH just kept chugging along...]
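A defender-side check for the situation shown above, as an added example that is not part of the original post: it assumes Linux (the post does not identify its host OS), where the kernel appends " (deleted)" to the `/proc/<pid>/exe` link of a process whose binary has been unlinked. The function and helper names are hypothetical, and the sample process table built by the helper is constructed.

```python
import os

DELETED_SUFFIX = " (deleted)"  # Linux appends this to the exe link of an unlinked binary


def find_deleted_executables(proc_root="/proc"):
    """Return sorted [(pid, original_path)] for processes whose binary was unlinked."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # only numeric entries are processes
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link, other users' processes need
            # root to read, and a process may exit in the middle of the scan.
            continue
        if target.endswith(DELETED_SUFFIX):
            hits.append((int(entry), target[: -len(DELETED_SUFFIX)]))
    return sorted(hits)


def build_sample_proc(root, table):
    """Constructed sample data: fake /proc tree from {pid: exe target or None}."""
    for pid, target in table.items():
        os.mkdir(os.path.join(root, str(pid)))
        if target is not None:
            os.symlink(target, os.path.join(root, str(pid), "exe"))


if __name__ == "__main__":
    for pid, path in find_deleted_executables():
        # The running image can still be copied out of /proc/<pid>/exe
        # for hashing or inspection even though the path is gone.
        print(f"pid {pid}: running from deleted {path}")
```

Hits are routine after a package upgrade that replaced a binary without restarting its daemon, so compare each reported path against recent package activity before treating it as suspicious.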