0x620 System Daemons
To have a realistic discussion of exploit countermeasures and bypass methods,
we first need a realistic exploitation target. A remote target will be a server
program that accepts incoming connections. In Unix, these programs are
usually system daemons. A daemon is a program that runs in the background
and detaches from the controlling terminal in a certain way. The
term daemon was first coined by MIT hackers in the 1960s. It refers to a
molecule-sorting demon from an 1867 thought experiment by a physicist
named James Maxwell. In the thought experiment, Maxwell's demon is a
being with the supernatural ability to effortlessly perform difficult tasks,
apparently violating the second law of thermodynamics. Similarly, in Linux,
system daemons tirelessly perform tasks such as providing SSH service and
keeping system logs. The names of daemon programs typically end with a d to
signify they are daemons, such as sshd or syslogd.
With a few additions, the tinyweb.c code on page 214 can be made into a
more realistic system daemon. This new code uses a call to the daemon() function,
which will spawn a new background process. This function is used by
many system daemon processes in Linux, and its man page is shown below.
DAEMON(3)               Linux Programmer's Manual               DAEMON(3)

NAME
       daemon - run in the background

SYNOPSIS
       #include <unistd.h>

       int daemon(int nochdir, int noclose);

DESCRIPTION
       The daemon() function is for programs wishing to detach themselves from
       the controlling terminal and run in the background as system daemons.

       Unless the argument nochdir is non-zero, daemon() changes the current
       working directory to the root ("/").

       Unless the argument noclose is non-zero, daemon() will redirect
       standard input, standard output and standard error to /dev/null.

RETURN VALUE
       (This function forks, and if the fork() succeeds, the parent does
       _exit(0), so that further errors are seen by the child only.) On
       success zero will be returned. If an error occurs, daemon() returns -1
       and sets the global variable errno to any of the errors specified for
       the library functions fork(2) and setsid(2).
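
The behavior the man page describes can be observed directly. The following is an added example, not code from the book: it calls daemon() inside a throwaway child and has the resulting background process report its own session, working directory and standard file descriptors back over a pipe. The names probe_daemon and struct daemon_state are hypothetical, and the code assumes a Linux system where /dev/null exists.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE        /* glibc: expose daemon() and getsid() */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct daemon_state {          /* what the detached process reports about itself */
    int  rc;                   /* return value of daemon() */
    int  new_session;          /* 1 if its session differs from the caller's */
    int  stdio_devnull;        /* 1 if fds 0, 1 and 2 all refer to /dev/null */
    char cwd[256];             /* working directory after daemon() */
};

/* Call daemon(nochdir, noclose) in a throwaway child and read the resulting
 * process state back over a pipe. Returns 0 on success, -1 if the probe failed. */
int probe_daemon(int nochdir, int noclose, struct daemon_state *out)
{
    int p[2];
    pid_t caller_sid = getsid(0);
    if (pipe(p) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        struct daemon_state s = {0};
        struct stat null_st, fd_st;
        close(p[0]);
        s.rc = daemon(nochdir, noclose);  /* on success only the background process continues */
        s.new_session = (getsid(0) != caller_sid);
        s.stdio_devnull = (stat("/dev/null", &null_st) == 0);
        for (int fd = 0; fd < 3 && s.stdio_devnull; fd++)
            s.stdio_devnull = fstat(fd, &fd_st) == 0 && fd_st.st_rdev == null_st.st_rdev;
        if (!getcwd(s.cwd, sizeof s.cwd)) s.cwd[0] = '\0';
        _exit(write(p[1], &s, sizeof s) == (ssize_t)sizeof s ? 0 : 1);
    }
    close(p[1]);
    waitpid(pid, NULL, 0);     /* reaps the process whose daemon() call did _exit(0) */
    ssize_t n = read(p[0], out, sizeof *out);
    close(p[0]);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    struct daemon_state s;
    if (probe_daemon(0, 0, &s) != 0) return 1;
    printf("rc=%d new_session=%d stdio_devnull=%d cwd=%s\n", s.rc, s.new_session, s.stdio_devnull, s.cwd);
    return 0;
}
```

The pipe survives the call because daemon() only redirects descriptors 0, 1 and 2; any other descriptor open at the time is inherited by the background process, which is worth checking when a server daemonizes after opening files or sockets.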