5

For educational purposes (not that anyone should care about the motivations behind such an exercise) I'd like to write a program that can read/write to/from alternate ttys/ptys. I've read papers (from the 1990s) but can't employ the implementation they use on modern Linux/glibc.

I was hoping that someone had researched this in the past (not too far in the past), or at least read documentation pertaining to it that they could provide, that would enlighten me further.

I also wonder (considering the fact that Linux doesn't have streams) if this exercise must be done via a loadable kernel module [lkm].

I have many questions and probably a misunderstanding of some of the fundamental ideologies that allow such objectives to be put in place, could someone help? :)

wallyk
alienate
  • see this : http://stackoverflow.com/questions/1637835/packet-sniffing-using-raw-sockets-in-linux-in-c – Sajad Bahmani Apr 16 '10 at 21:28
  • @SjB alienate is correct, it is a different problem - in that question the OP is trying to sniff network traffic using low-level sockets (called raw sockets because the app layer is missing). Here, the OP is trying to read from a character device. –  Apr 16 '10 at 22:23

3 Answers

2
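    # Attach strace to the bash process on /dev/pts/$1 and print its write() calls.
    function spy() {
        # PID (column 2 of ps) of the bash process listed on pts/$1
        ptsnum=`ps awfux | grep pt[s]\/"$1" | awk '/bas[h]/{print $2}'` ;
        /usr/bin/strace -s 1000 -t -f -p $ptsnum 2>&1 3>&1 \
        | grep -Poi 'write(...\"[[:print:]]{1,2}\"[.][.][.][,]..)' ;
    }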

    [436] klikevil@epiphany ~ $ w

    09:36:43 up 12:06,  6 users,  load average: 0.46, 0.29, 0.20
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    klikevil pts/0    75.125.126.8     23:05    2:19m 10:33   0.18s cmd
    klikevil pts/1    75.125.126.8     00:18    6:50m  0.06s  0.04s sshd: klikevil [priv]
    klikevil tty7     :0               09:02   17:07m  2:02   0.32s x-session-manager
    klikevil pts/2    :0.0             09:03    3:30   0.08s  0.08s bash
    klikevil pts/3    :0.0             09:03    0.00s  0.76s  0.00s w
    klikevil pts/4    :0.0             09:06    3:13   0.46s  0.00s /bin/sh /usr/bin/thunder


    [437] klikevil@epiphany ~ $ spy 2
    write(2, "e"..., 1)
    write(2, "c"..., 1)

    write(2, "h"..., 1)
    write(2, "o"..., 1)
    write(2, " "..., 1)
    write(2, "s"..., 1)
    write(2, "u"..., 1)
    write(2, "p"..., 1)
    write(2, " "..., 1)
    write(2, "d"..., 1)
    write(2, "o"..., 1)

    write(2, "g"..., 1)
    write(2, "\n"..., 1)
    ^C

Seems to work pretty well if you don't mind sorting through a bunch of line breaks. As for the TTYs.. tail -f /dev/vcsa1-6

Jessica

Littm
  • I tried to fix your formatting (bbcode or html tags don't work here); please complain if undesired and I'll revert the edits. – wildplasser Sep 02 '12 at 16:05
  • Not a problem, the backticks on the variable I submitted didn't go in either; supposed to be: ptsnum=\`ps awfux | grep pt[s]\/"$1" | awk '/bas[h]/{print $2}'\` – JessicaParker Sep 02 '12 at 20:22
2

The linspy.c code in that Phrack article is a Linux kernel module. It won't compile against a modern kernel, because the internal kernel interfaces change frequently.

However, the basic approach it uses is sound (although it is completely missing locking required for correctness in an SMP environment), and with the application of sufficient elbow grease you should be able to port it to compile against the latest kernel.

caf
0

I'm ssh'd into a remote Linux box twice, producing /dev/pts/0 and /dev/pts/1. From 0, I can open 1 for read, thereby stealing all the stuff the user types to 1. If I want them to see their typing, I have to write it back to /dev/pts/1. Of course, their input never makes it to their shell, so I have to create a shell process at my end (on 0) and pipe their input to it, then pipe the shell's output back to 1.

This all works great for me. While all this is going on, I can save off all the data read and written during the process wherever I like.

Of course, you can't do this unless you are root or are snooping on a session you own, but you only wanted this for educational purposes, right?

Sniggerfardimungus
  • I don't think it matters if I want to do it so that I can be rude to people who answer my question. Regardless, your answer doesn't help me, thanks. – alienate Apr 16 '10 at 21:36
  • Briefly tried that with cat and two pseudo-ttys (guake): it seems like this method is unreliable since there's a race condition: sometimes cat grabs input, but sometimes "original" process. –  Jul 02 '14 at 12:21
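Both userland approaches in the answers above leave traces in /proc that a defender can audit: an attached strace shows up as a non-zero TracerPid, and a process reading another session's terminal holds a descriptor on a /dev/pts/N that is not its own controlling terminal. The following is an added detection example, not code from any of the posts; the function names and the `proc_root` parameter are illustrative assumptions.

```python
import os
import re

def tracer_pid(status_text):
    """PID ptrace-attached to the process (0 = none), from /proc/PID/status."""
    m = re.search(r"^TracerPid:\s*(\d+)", status_text, re.M)
    return int(m.group(1)) if m else 0

def controlling_pts(stat_text):
    """'/dev/pts/N' for the controlling terminal in /proc/PID/stat, else None."""
    # comm (field 2) may contain spaces or ')', so split after the last ')'.
    tty_nr = int(stat_text.rsplit(")", 1)[1].split()[4])
    major = (tty_nr >> 8) & 0xFF
    minor = (tty_nr & 0xFF) | ((tty_nr >> 12) & 0xFFF00)
    if major == 136:  # 136 = Unix98 pty slave major; minor is the pts index
        return "/dev/pts/%d" % minor
    return None

def audit(proc_root="/proc"):
    """Return (pid, finding) tuples for traced processes and foreign pts handles."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "status")) as f:
                tracer = tracer_pid(f.read())
            with open(os.path.join(base, "stat")) as f:
                own = controlling_pts(f.read())
            fds = os.listdir(os.path.join(base, "fd"))
        except (OSError, IndexError, ValueError):
            continue  # process exited, or we lack permission to inspect it
        if tracer:
            findings.append((int(pid), "traced by pid %d" % tracer))
        foreign = set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:
                continue
            if re.fullmatch(r"/dev/pts/\d+", target) and target != own:
                foreign.add(target)
        for target in sorted(foreign):
            findings.append((int(pid), "holds %s, controlling tty is %s" % (target, own)))
    return findings

if __name__ == "__main__":
    for pid, finding in audit():  # run as root to see every process
        print(pid, finding)
```

Findings are leads rather than verdicts: debuggers in legitimate use and daemons that kept inherited descriptors after detaching from a terminal match the same conditions.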