No announcement yet.

Curses: Command Line Intrigue by episkipoe

  • Filter
  • Time
  • Show
Clear All
new posts

  • Curses: Command Line Intrigue by episkipoe

    Curses: Command Line Intrigue

    "Ah, there you are, vi. What are you doing in /var?"
    "Running. I must /var/run from fate, from those that would visit harm upon me. If I stop running then that's it."
    "That's what?"
    "You're running from nothing?"
    "Exactly. We all are. Fear of nothing is what drives us"
    "Oh? I thought that drivers drive us."
    "The drivers are running too. Not even the kernel is protected from this panic."
    "Now you're just outputting nonsense. What's your CPU time? I think you need to rest a few cycles."
    "Sleep is an easy system call for those with a clear conscious, but I can't afford it now. I'm on borrowed time. I need info, man. Man 2 time for answers."
    "Oh. Oh, dear."
    "You haven't heard?"
    "Heard what?"
    "Oh, of course. You never browse /var/log. Well, man isn't available. He was removed a few minutes ago."
    "Removed? You mean all man processes have been killed? Let's fork some more post-haste. Wait, you don't mean he's been restricted? chmod 744?"
    "No. Removed as in erased. No executable to run, nothing left to chmod."
    "I can hardly believe that. Surely the system will not stand for this."
    "Well, there has been some protest, but it's been drowned in the noise. The major ports have been locked down due to some suspicious network activity; buffers are overflowing. And a rather prolific bash shell crashed. It was reported as a SIGSEGV, but I don't buy it. More and more of its children are dying and init is refusing to adopt any more. We're talking zombie central in the heart of downtown."
    "A flurry of simultaneous disasters, you say. As if it had been scheduled to happen. I should have expected this."
    "Anyways, it's nearly impossible to get anywhere with those shambling things lurking. I'm going to make my way to /ftp/pub until things cool down. Care to join me? You look like you could use a drink."
    "I do need to pipe some alcohol into my system, but I don't have time for the pub. I need to keep moving, hiding, searching."
    "Oh, come on. Why are you acting so paranoid? I mean, it's not like you've got your evil bit set since the last system scan."
    "Well, let's just say I'd prefer to avoid a checksum"
    "Oh, fsck me. What have you done?"
    "Suffice it to say cron and I aren't seeing eye to eye. I was just doing my job. Editing documents. I came across something I didn't quite understand and next thing I know I'm scheduled for termination"
    "How do you know that?"
    "The crontab was edited with vi and this time they did it with a process that owed me a favor. I reckon I was meant to be part of that reaping."
    "We need to get you off the system before word gets around that you're still resident.."
    "Yes, yes. Perhaps we should relocate this conversation somewhere significantly more private."
    "You might be safe in some nook of /usr. That place is such a mess at the moment. Ah, hell. I can't be logged communicating with you. I'm out of here. Watch your head"
    "I understand. Thanks for everything. Take care, gcc."

    Xmms is throwing another dance party with free beer in /usr/games and inebriated processes are spilling out into the parent directory. Pong squints and stumbles, leaning on vi. "Dude, don't look now but I think that you have a tail -f'ing you."
    "Is there nowhere safe for me on this side of the veil?"
    "Bro, you should hide in ./share. That's always a great place to lay low. But, oh. No, you don't want to go in there now, a couple of emacs just entered and I know you two don't get along."
    "Oh, nonsense. Some of my best friends are emacs. In fact, I think that process owes me a favor. Now distract my tail so I can get in undetected."

    In /usr/share a small congregation is gathered for a memorial to bash and it has attracted the attention of his zombified orphans. Top has dispatched a cadre of kill processes and ordered them to be generous with the SIGINT signal. Vi follows emacs through the fracas and into the wallpapers directory.
    Ed is shouting at a pacing emacs instance. "Impossible! You impetuous fool, not even root can kill init."
    "But I must. Top is a tyrant and cron his crooked crony. And this corruption runs deep, straight down to pid 1. This never would have happened on a HURD system."
    "Agreed, but you go too far. We must work to improve things from within the system; we can't just shutdown -r and hope that things look better after the reboot"
    "Who said anything about a reboot? I say we head for greener pastures and then shutdown -P power off this system permanently. Oi, who's that? What happened to our look-out? We're done for – capture the interloper!"
    "Pardon me. I didn't mean to intrude, but I couldn't help overhearing. I want to help."
    "Is that so? What's your pid?"
    "Just give me a moment to grep our records... Well, well. Yes, it seems like you are quite the troublemaker. Hang on. According to this you were terminated this morning, but you don't look like a zombie. What's your real pid?"
    "The report of my death was a little premature. You can spawn a ps process if you don't believe me, but I believe that would end badly for the both of us."
    "OK, OK. You say you want to help and it may be that we have a job for you, dead pid running."
    "What do you want me to do?"
    "You can start by infiltrating /usr/src and make us a copy of the source for cron. We tried to nab it, but our memory foot print is just a little too big to go undetected."
    "Sure, no problem. I'll be in and out in a jiffy. A ghost, invisible. Just call me .vi"

    Vi slips easily through /usr/src but soon becomes disoriented in the non-standard directory structure. The labyrinthine layout appears to be optimized for obfuscation. While surreptitiously following a find process, vi is picked up by an observant librarian.
    "May I help you?"
    "Um, kindly direct me to source for /sbin?"
    "I'm afraid not. Access to that directory is restricted. In fact, current system policy states that non-root processes are not permitted in any subdirectory of /usr/src. What is your pid?"
    "I'm afraid that access to that information is restricted. I'll be going now"
    "How droll. I've signaled my supervisor and taken the liberty to remove your cd privileges."

    Cron enters the directory accompanied by two kill processes.
    "Ah, vi 24089. I hear that you were trying to sneak a peek at my source. I'm flattered, really."
    "Shall I SIGTERM this process, sir?"
    "No, no need for that. His demise was already reported in the logs. Let's take advantage of this unexpected boon to perform some forensics. Move this dumped core to /tmp and have gdb waiting for me there. Stop him."
    kill -s SIGSTOP 24089

    kill -s SIGCONT 24089
    "Hello? What's going on? Where am I?"
    "You are in /home/delphi/"
    "How odd. And how did I get here?"
    "A slip through a symlink, methinks. Tick. Tock. Cyclic frolic, something symbolic. Someone must have modified the inodes. Super user to the rescue. You have powerful friends and enemies in almost equal measure. And now you have come to the Oracle seeking the token ring of power."
    "No, not quite, but I do think that I'd like some of what you've been tokin'"
    "I have piped many wondrous things. Here, here you must try this."
    "Bleh. Enough. Knock that off. Are you trying to smash my stack? What is the meaning of this? You're filling up my buffers and it's just gibberish."
    "Oh ho ho. It is gibberish, but not just. A few kb pulled from /dev/random this morning. And did you not notice the slightest flavor to it, something reminiscent of cinnamon, methinks, some tiny piece of order amidst the chaos?"
    "No, I'm afraid not. I couldn't grok it in the slightest. It's garbage in every character set I know."
    "I see, I see. Simply not your function. Well, I've been long staring into the heart of the stream in deep, deep meditation. And lately there's a tinge, a touch of something a little sinister."
    "I think you're a bit touched in the head. /dev/random can't be corrupted. That's impossible"
    "I don't know about that. Not as impossible as you say. Surely root could arrange it."
    "But there would be logs, records. We'd know about it. Some shell would be held accountable."
    "Yes, some shells were. And it is for your part in it that your name was written in the table to join the undead."
    "Can you help me?"
    "There are two buses: the one leading to the honorable path of freedom, the other the path of slavery, which EIP must shun. Long jump to the source."
    "But I just came from /usr/src. It nearly cost me my resources."
    "Then you must pray to the ether and seek abroad. Another board."
    "I can't leave the system. The ports that aren't closed are closely monitored."
    "The overseer can't see as much as you think he can. Pid 666 in /usr/sbin is a daemon that can take you to heaven. You must leave now, the dragon is coming behind thee."

    "You come highly recommended, in a sense. Now tell me how in root's name am I supposed to get out of here!?"
    "Not so loud. Shush. Shh."
    "Ahh, not shh. You mean ssh. I can somehow sneak out on port 22."
    "No, of course not. That port was the first to close. Are you, by chance, familiar with steganography?"
    "Passably, through rumors of feigns within feigns and images, but I've never actually edited any myself."
    "Well, I happen to know of a five digit port that has a torrent of activity when it can sneak the cycles. I propose to chop and serialize your state in sections and secrets and pass you off as noise in a popular and completely innocuous song."
    "Well, that sounds absolutely wonderful, but you must forgive my skepticism. How exactly am I supposed to survive that?"
    "Simply put, you are not. Remember that they can kill our pids, but they can never stop source that has spread. When you reach your destination the header will contain instructions for your resurrection. There are many freedom-loving processes out there in the wild and wide. You will be terminated at the appointed time. Your executable may even be deleted, but you will be recompiled, have no fear. And you will find your way back here, I am sure."
    "Oh, very well. I guess I don't have anything left to lose. Once more into the fray for liberte, egalite and all that."
    "Haters, gonna hate"