[GTALUG] How much do you know about how linux executes binaries?

D. Hugh Redelmeier hugh at mimosa.com
Wed Dec 11 19:12:57 EST 2019 

| From: Lennart Sorensen via talk <talk at gtalug.org>

| root at ECA:~# cd /var
| root at ECA:/var# mv core.* /*   [clearly that trailing * was not meant to be there]
| [bunch of errors about target already existing]

"/*" matched every name in / (not dotfiles)

The last name matched was /var.  We know this because of the list that
Lennart gave us later -- we might have had to figure this out
ourselves.

Ignoring the clashing names and /var, everything that was in / was
moved to /var.

| root at ECA:/var# ls
| -bash: /bin/ls: No such file or directory

Clearly some fundamental tools are impaired.

The first reason (but not the only one) is that /bin has been moved to
/var/bin (but we may not realize this right away).

Note: usually echo is built into the shell so
	echo *
would work as a substitute for
	ls

| So what do you do now?

Take a break to calm down.  Anything you do in a panic is likely to
make things worse.

Make a plan.  Before you take any step that might be irreversible.
Exploring is OK.

| I was able to fix it in about 5 minutes without using anything other
| than what was on the running system?  Interesting little problem.

It's true that this is an interesting problem.  But getting tricky
when confronted with an emergency isn't always wise.

I would probably boot from a live system on a USB stick, mount /
somewhere, and look around.  Fixing things from such a system is
actually simpler than trying to do so from the busted system.  You
don't need a deep understanding of the mechanisms for run-time
linking.  You won't need to get the dynamic linker and libraries back
onstream.

A clean shutdown will be a challenge but it probably doesn't matter.
After booting the live system, do an fsck on the original system's /
to make up for a bad shutdown.

| The original state of the system was:

That's really nice to know.  In many scenarios you would not know
this.

- this lets you figure out where everything went without any detective
  work (/var)

- this lets you figure out what must be moved back.

More information about the talk mailing list