This is actually quite interesting - I didn't know you could do that, and I will likely employ it in the future, especially with a remote web server or something you can't immediately get to. So as you roll in, you check your email on your phone, and know walking in what you're getting into and likely how to fix it. From a time-optimization viewpoint, this is nigh-invaluable.
Plus this guy has some other very nifty articles.
But I guess (glancing at first few comments) that "haterz gonna hate."
Fedora's Automated Bug Reporting Tool (abrt) uses this to automatically produce crash reports, which you can sanitize and approve to post in a central location for developers. I imagine that Ubuntu does something similar.
So what happens if the helper application crashes and tries to dump core? Would it try to run another instance of it to handle that crash, and so on, leading to a "core bomb"?
It is nice to know that Linux has this feature, but it essentially amounts to a JIT debugger, and has been in other OSes for a long time. In Windows, it's been there since at least NT 4.
Dangerous: no, but he said interesting, so perhaps. The advantage of using little known features, for rootkits, is that people are less likely to look for them.
It's not a very good rootkit by itself, certainly, as typically rootkits will monkey with the kernel to hide processes and network sockets.
It's interesting because it's probably the simplest rootkit method I can think of (next to setuid binaries). It's less obvious than a setuid. It's not something that anyone sane would use by itself because like I said--it doesn't hide you.
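An added example, not part of any comment above or of the article under discussion: a defender-side audit of the kernel's core dump handler setting (`/proc/sys/kernel/core_pattern`, where a leading `|` pipes dumps to a helper program), flagging helpers that are unexpected or loosely permissioned. The allowlist paths and the function names are assumptions to adapt per distribution.

```python
import os
import stat

# Assumed allowlist of crash handlers shipped by common distributions;
# adjust to what your own systems are expected to run.
KNOWN_HELPERS = {
    "/usr/libexec/abrt-hook-ccpp",        # Fedora/RHEL abrt
    "/usr/share/apport/apport",           # Ubuntu apport
    "/usr/lib/systemd/systemd-coredump",  # systemd-coredump
}

def parse_core_pattern(value):
    """Return (is_pipe, helper_path_or_None) for a core_pattern string."""
    value = value.strip()
    if not value.startswith("|"):
        return False, None          # plain file name template, no helper runs
    parts = value[1:].split()       # helper path, then %-specifier arguments
    return True, (parts[0] if parts else None)

def audit_core_pattern(value, known=KNOWN_HELPERS, stat_fn=os.stat):
    """Return a list of findings; an empty list means nothing to flag."""
    is_pipe, helper = parse_core_pattern(value)
    if not is_pipe:
        return []
    if not helper:
        return ["pipe handler with empty path"]
    findings = []
    if helper not in known:
        findings.append(f"unrecognised helper: {helper}")
    try:
        st = stat_fn(helper)
    except OSError:
        findings.append(f"helper missing: {helper}")
        return findings
    if st.st_uid != 0:
        findings.append(f"helper not owned by root: {helper}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"helper writable by group/other: {helper}")
    return findings

if __name__ == "__main__":
    with open("/proc/sys/kernel/core_pattern") as f:
        current = f.read()
    for line in audit_core_pattern(current) or ["core_pattern: nothing flagged"]:
        print(line)
```

Running it periodically and alerting on any change to the setting covers the "people are less likely to look" problem raised above.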