Accidentally overwrote /bin/bash in Debian 6.0.5
 

I must remember never to sudo when tired.

Is there any way to recover from this without reinstalling?

I still have a terminal showing 'myuser@MYBOX:~$' running, is this file cached in any way?

As you still have an open shell, the file is really unlinked, not deleted (yet).

I found an article describing how to recover an unlinked file via the file descriptor in /proc.

Edit: The article points out that you need the ID of the process using the unlinked file in order to find the file descriptor, but it fails to mention that a simple lsof | grep deleted will list all deleted files, with the process name and ID in the first and second columns respectively.

Thanks for the response, that appears to be the right direction to be going in.

lsof +L1 shows bash as process 2666 and 3115 (I overwrote it twice, lol), although the corresponding folders in /proc don't seem to yield anything that looks like my /bin/bash file.

I've done a sudo cp /proc/3115/exe /tmp/testing per the instructions here (seemed easier to follow than the link you provided, no offense), but as I overwrote the file instead of deleting it, is this likely to have fixed it, and how can I be sure?

Inputting bash still gives the fail of a script I overwrote it with (so I could switch between sfw/nsfw wallpapers :P).

Also, so it's noted, there's no way I can get the box connected to the internet (on a seperate XP laptop ATM).

While I'm not about to delete /bin/bash on any of my systems just to see if this will work under such conditions, I did try...with <id> being the process ID of a login shell. A quick chmod u+x testfile, and I could start a new shell process with ./testfile.

Edit: Curiousity got the better of me, so I did try it, although I played it safe by using ksh as my victim rather than bash. And I backed up ksh first. I know, chicken.

I logged on at one console and ran ksh. I then ran the following commands at another console:
At this point ksh is gone, and the file /bin/ksh contains rubbish. I then ran ps ax | grep ksh to find the ID of the still-running ksh process (709 in my case). I then did this:
And that resulted in a ksh prompt.

Okay, it appears the only file with any size in the /proc directories is the 792.1kb exe file.

I've done a sudo cp /proc/3115/exe ~/ and renamed the file to bash, but I have no idea what the typical filesize of /bin/bash is, and Google shows no relevant results. At this point I need to confirm whether this is the correct file, or whether I'd simply be extending my being awake for another few hours (it's 4am now).

Could someone check the size of this file on their system, or confirm whether this is the correct one?

My /bin/bash file is 888kb (version 4.2.24(2)-release).

Does file identify it as an executable?

AWESOME, it looks like it's worked, thanks for your help. Positively identified it as an executable and took the plunge by copying it to /bin/bash (what did I have to lose, after all).

I only lost 3 hours of my life and a perfectly good pr0n wallpaper script (which'll probably take up at least another half hour), but at least my system is alive. I did a GUI-less Debian install for the first time a few days ago, and to hell with seeking out endless niggling packages to fix severe and trivial issues alike all over again.

All is solved before I show up, but to add my two cents anyway...

As long as you still have a working shell, why not just force a full reinstall of bash through apt?

Another option, if you needed to get into a working shell first, would be to grab a copy of the executable from somewhere, such as a live cd, and replacing the bad one.

You should probably then also again force an update to be sure you're using the most compatible version.

Thanks for the response David, but I think I mentioned there was no way I could get the box connected to the internet, the ethernet cable was in a different room to the one where the box was plugged in.

I could've tried moving it, but it'd would've meant losing my working shell so it would have been quite useless I think (I remember trying to login from tty1 was impossible).

Also, from what I've read, copying the file from the live CD wouldn't have been as easy as it sounded (although maybe this would be easier/harder with Debian rather than Ubuntu).