[linux-elitists] undelete

Seth David Schoen schoen@loyalty.org
Wed Feb 6 01:21:01 PST 2002


Don Marti writes:

> (Asking how to do file undelete is of course highly non-elitist,
> since the true elitist thing to do is come up with a good reason
> why you didn't need the file, and _meant_ to clobber it.)
> 
> The following is an idea for a way to do undelete.
> 
> 1. Kernel level: If a system call would clobber a file, spew that
> file's meta-info, then contents out a /proc entry before doing
> the work.  System calls to intercept and check include unlink(2),
> open(2), and rename(2).

You can experiment with what your system would be like in this case by
using Subterfugue.

http://www.subterfugue.org/

-- patch your kernel interfaces in userspace with Python.

There is also a nice LD_PRELOAD trick which lets you rewrite part of
your C library without actually upgrading it.  We need a "trapping,
tracing, and rewriting section 3 and section 2 calls from programs
without actually being a libc or kernel hacker" HOWTO.

-- 
Seth David Schoen <schoen@loyalty.org> | Reading is a right, not a feature!
     http://www.loyalty.org/~schoen/   |                 -- Kathryn Myronuk
     http://vitanuova.loyalty.org/     |



More information about the linux-elitists mailing list