A deep dive into the concept that Linux kernels act as interpreters for initrds, explored through a self-replicating 'malware' shell script that uses kexec to recursively boot itself. The post reverse-engineers a 20MB shell script that embeds a cpio archive containing a kernel and init script, which uses kexec to replace the running OS with itself indefinitely — a tail-call-optimized recursive OS. The author then extends the concept to explain ELF interpretation via ld.so, binfmt_misc, and how registering a QEMU or kexec script as a cpio interpreter lets you literally execute cpio archives as programs. The piece concludes with a philosophical observation: the interpreter for cpio files on this system is the kernel of its next reboot, and the initrd can be considered a quine of the Linux interpreter.
Table of contents
Reverse engineering rkx.gzSo what really is this thing?Interpret it a different wayThe strangest loopConclusionSort: