[Gllug] recover deleted files
Nix
nix at esperi.org.uk
Sun Nov 30 17:07:09 UTC 2008
On 30 Nov 2008, t. clarke stated:
> I didn't actually replace the rm command - that was an oversimplification!
> The new command (rms) is invoked instead - the users are accessing shell
> commands from a menu system.
>
> Unlink is any event a system call so programs that use it would be unaffected
> anyway !
Programs never invoke the unlink() system call directly: they use the
entry point in glibc, and that entry point is a dynamic call, which
means you can use ELF symbol interposition to get in the way. (A google
for LD_PRELOAD will find many examples.)
--
`Not even vi uses vi key bindings for its command line.' --- PdS
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list