[19:59] <sadmac2> Keybuk: this Garett Cooper guy looks like a pretty l33t h4x0r
[19:59] <sadmac2> he's totally spl0iting upstart
[20:00] <ion_> URL?
[20:00] <sadmac2> ion_: upstart mailing list
[20:01] <ion_> Alright
[20:17] <Keybuk> I liked that he wrote it in the form of an exploit
[20:33] <sadmac2> Keybuk: connection troubles again?
[20:34] <Keybuk> no
[20:34] <Keybuk> KVM
[20:34] <sadmac2> Keybuk: ah
[20:34] <sadmac2> Keybuk: so the release is on Thursday, right?
[20:35] <Keybuk> Ubuntu?
[20:36] <sadmac2> Keybuk: yes
[20:36] <sadmac2> Keybuk: I assume that was the release that has had you scrambling?
[20:36] <Keybuk> indeed
[20:37] <sadmac2> Keybuk: well I have a state machine prototype in a git repo. Expecting a few more tests from a colleague in a bit
[20:48] <sadmac2> Keybuk: also, I don't know if you ever found out yourself, but netstat uses /proc files. no netlink :(
[20:48] <Keybuk> netstat?
[20:49] <sadmac2> Keybuk: yes, I mentioned the idea of doing the expect listen feature without ptrace by simply watching netstat's source of information
[20:49] <sadmac2> which could still work, but will involve polling, or a hefty kernel patch to put inotify into some portions of proc
[20:49] <sadmac2> (I don't imagine Linus is eager to have that patch)
[20:55] <ion_> OTOH, polling /proc shouldn’t be too bad, should it? It isn’t real hardware IO anyway.
[20:57] <sadmac2> ion_: apparently /proc/mounts supports poll
[20:57] <sadmac2> ion_: in the man 2 poll sense of the word
[20:58] <sadmac2> ..does that strike anyone else as strange?
[20:58] <ion_> Sorry, i meant rereading given /proc files periodically.,
[20:59] <sadmac2> ion_: yes, I know :)
[20:59] <sadmac2> I introduced the overloading
[21:20] <sadmac2> Keybuk: so yes, the info comes from /proc/net, which we could do something about in kernelspace (sounds like the prevailing interest is to get rid of non-process related /proc folders)