+ Follow

chmod -x chmod

by José Castro

140K views

Video at http://www.youtube.com/watch?v=DTWZqh64RcQ. ...

Video at http://www.youtube.com/watch?v=DTWZqh64RcQ.

You're in a Data Center, with absolutely no contact with the outside world, with a machine that you must not restart, and someone performed a `chmod -x chmod`.

This is a problem we used in interviews during 2009, and this presentation is a list of some of the possible solutions that my co-workers at SAPO have suggested.

Accessibility

View text version

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

File a copyright complaint

66 Embeds 7,181

http://www.ende-der-vernunft.org	1474
http://blog.kwasd.ru	839
http://blog.matthew.org.pl	831
http://www.redditmedia.com	807
http://www.shortcut.ru	609
http://krypted.com	494
http://shriphani.com	406
http://www.macdac.ru	389
http://www.joanabotto.com	290
http://elkosmas.gr	226
http://www.musiques-incongrues.net	167
http://www.blog.manhag.org	126
http://www.etanonline.fr	117
http://www.younic.de	81
http://paper.li	54
http://pcampitiello.blogspot.com	44
http://pcampitiello.blogspot.it	39
http://www.robintel.ro	25
http://interactivestemlearningprogramsk-12.blogspot.com	17
https://twitter.com	16
http://static.slidesharecdn.com	12
http://iam-chen.com	12
http://a0.twimg.com	10
http://twitter.com	9
http://cetys.blackboard.com	6
http://webcache.googleusercontent.com	6
http://manhag.org	6
http://pcampitiello.blogspot.com.br	5
http://j-reference.blogspot.com	4
http://tumblr.ramimassoud.com	4
http://beta.shortcut.ru	3
http://translate.googleusercontent.com	3
http://www.linkedin.com	3
http://us-w1.rockmelt.com	3
http://feeds.feedburner.com	3
http://feeds2.feedburner.com	3
http://xss.yandex.net	2
http://interactivestemlearningprogramsk-12.blogspot.co.uk	2
http://www.netvibes.com	2
http://classztoop.blogspot.com	2
http://www.manhag.org	2
https://www.shortcut.ru	2
http://unixfreunde.de	2
http://pcampitiello.blogspot.fr	2
http://pcampitiello.blogspot.be	1
http://interactivestemlearningprogramsk-12.blogspot.de	1
http://pcampitiello.blogspot.fi	1
http://cache.baidu.com	1
https://si0.twimg.com	1
http://pcampitiello.blogspot.mx	1
http://pcampitiello.blogspot.com.es	1

More...

Statistics

Likes: 39
Downloads: 337
Comments: 14
Embed Views: 7,181
Views on SlideShare: 133K
Total Views: 140K

chmod -x chmod Presentation Transcript

chmod -x chmod José Castro <cog@cpan.org> August 2010

During 2009 we posed this problem to several of our candidates

You’re in a Data Center

With absolutely no contact with the outside world

There’s a machine you must not reboot

And someone had the brilliant idea of performing a `chmod -x chmod`

Solve the problem

The following is a list of possible solutions proposed by my co-workers

If the package is in cache, reinstall it

On Debian: sudo apt-get install --reinstall coreutils

Use a language that implements chmod

Perl perl -e ‘chmod 0755, “chmod”’

Python python -c "import os;os.chmod('/bin/chmod', 0777)"

d un teste Node.js require("fs").chmodSync("/bin/chmod", 0755);

Use existing executables or create your own

$ cat - > chmod.c

$ cat - > chmod.c int main () { } ^D

$ cat - > chmod.c int main () { } ^D $ cc chmod.c

$ cat - > chmod.c int main () { } ^D $ cc chmod.c $ cat /bin/chmod > a.out

$ cp cat new_chmod $ cat chmod > new_chmod

$ cat - > restore_chmod.c

$ cat - > restore_chmod.c #include <sys/types.h> #include <sys/stat.h> int main () { chmod( "/bin/chmod", 0000777 ); } ^D

$ cat - > restore_chmod.c #include <sys/types.h> #include <sys/stat.h> int main () { chmod( "/bin/chmod", 0000777 ); } ^D $ cc restore_chmod.c

$ cat - > restore_chmod.c #include <sys/types.h> #include <sys/stat.h> int main () { chmod( "/bin/chmod", 0000777 ); } ^D $ cc restore_chmod.c $ ./a.out

launch BusyBox (it has a chmod inside)

GNU tar

$ tar --mode 0777 -cf chmod.tar /bin/chmod $ tar xvf chmod.tar

tar --mode 555 -cvf - chmod | tar xvf -

d un teste $ tar -cvf chmod.tar chmod edit the archive and alter the permissions

“You said I couldn’t go to the internet...

“You said I couldn’t go to the internet... but you said nothing about the other machines on the data center...”

Open a socket to another machine and do a: $ tar --preserve-permissions -cf chmod.tar chmod

Open a socket to another machine and do a: $ tar --preserve-permissions -cf chmod.tar chmod Get this tar to your machine and: $ tar xvf chmod.tar

cpio

cpio lets you copy ﬁles to and from archives

bytes 19 to 24 are the ﬁle mode (http://4bxf.sl.pt)

echo chmod | cpio -o | perl -pe 's/^(.{21}).../${1}755/' | cpio -i -u

Hardcore

alias chmod='/lib/ld-2.11.1.so ./chmod'

d un teste • attrib or ls -@ • force the inode into cache • check kcore for the VFS structures • use sed to alter the execution bit without the kernel realizing it • run chmod +x chmod

Text editors sometimes need to overwrite a ﬁle

Thus, some of them have something resembling chmod

Emacs

Ctrl+x b > *scratch* (set-file-modes "/bin/chmod" (string-to-number "0755" 8)) Ctrl+j

There seem to be countless solutions

But one of the best answers I’ve seen...

Was from a guy who replied to my “Solve the problem” with...

“What problem? Isn’t the machine still running?”

The End (for now)

Miguel Tavares http://ubuntuforums.org/showthread.php?p=11893791#post11893791 1 year ago

Are you sure you want to

Dmitry Lejkin at Пиратская Партия России mmm... chmod from c system call will not work? 1 year ago

rxxluowei mark 2 years ago

sac2279 exec chmod +x chmod 2 years ago

stevebeattie On linux, it’s much, much easier. You see, when you execute an ELF executable, the kernel does some mapping and then hands the rest of process setup off to ld.so(1), which is treated somewhat like a (hardware backed) interpreter for ELF files, much like /bin/sh inteprets shell scripts, perl interprets perl scripts, etc. And just like you can invoke a shell script without the executable bit via ’/bin/sh your_script’, you can do:

# /lib/ld-linux.so.2 /bin/chown +x /bin/chown

or on x86_64 systems:

# /lib/ld-linux-x86-64.so.2 /bin/chown +x /bin/chown

(paths are taken from an Ubuntu 10.10 system and may vary on other distros.) 2 years ago

Antonio Ognio, Software Developer / Ingeniero de Sistemas at Aureal Systems S.A.C, Miraflores, Perú I totally thought of the same kind of solution presented by Kevin Benton in the second comment. You still have read permission on the original chmod binary so if you simply dump its contents into another file that already has executable permissions you’ll be fine. In order to avoid ’sacrificing’ any other executable you can simple make a copy of any working executabe and you’re done.

I immediately thought of something like this:

$ sudo su -
# cd /bin
# cp bash chmod2
# cat chmod > chmod2
# chmod2 +x chmod
# rm chmod2
# exit

Just tried in on my Macbook starting from chmod -x /bin/chmod and it works perfectly fine.

Only cp and cat needed with this approach. 2 years ago

Dustin Morro Wow my brain hurts. :( 2 years ago

Kevin Benton This one is easy, just ’mv /bin/chmod /bin/chmodold’ then ’cp /bin/chown /bin/chmod’, and finally ’cat /bin/chmodold > /bin/chmod’.
It's incredible that they came up with so many convoluted answers and skipped this. 2 years ago

Alex Pilosov debugfs, change permissions in there. may need to flush things out of cache. 2 years ago

Alex Butcher A bit round about, but create a dummy file, mkdosfs it, mount it loopback, then copy the chmod binary into it. 2 years ago