While I'm not about to delete /bin/bash
on any of my systems just to see if this will work under such conditions, I did try
cat /proc/<id>/exe > testfile
being the process ID of a login shell. A quick chmod u+x testfile
, and I could start a new shell process with ./testfile
Edit: Curiousity got the better of me, so I did try it, although I played it safe by using ksh
as my victim rather than bash
. And I backed up ksh first. I know, chicken.
I logged on at one console and ran ksh. I then ran the following commands at another console:
echo Random text > /bin/ksh
At this point ksh is gone, and the file /bin/ksh
contains rubbish. I then ran ps ax | grep ksh
to find the ID of the still-running ksh process (709 in my case). I then did this:
cat /proc/709/exe > /bin/ksh
chmod 755 /bin/ksh
And that resulted in a ksh prompt.