
Re: About user monitoring



On Wed, Apr 17, 2002 at 01:45:09AM +0200, martin f krafft wrote:
> also sprach Halil Demirezen <halild@bilmuh.ege.edu.tr> [2002.04.16.1911 +0200]:
> > 
> > I am planning to write code that will load the users' terminal screens to
> > my screen. And root will surely manage that. Is there anyone to tell me
> > any link which contains information about this subject?
> [...] 
> /dev/tty* and /dev/pts/* shall be your friend.

 If you want to see what's currently displayed, you have to have captured
the terminal traffic that produced it, so you have to start capturing ahead
of time.  To get what's actually displayed on a Linux text console, you can
use /dev/vcs* and/or /dev/vcsa*.  (I'm not sure what the difference is.)  To
do this with an xterm, you would have to modify the code to add a feature
that allows you to ask it for its contents.

 Alternatively, if you talk to the X server directly, you can capture what's
displayed on the screen with any program you like.  xwd(1) is probably a
good choice, because it doesn't have a GUI which would get displayed on the
screen of the user you're spying on.

 To get access to the X server, get the X authorization stuff from
~user/.xauth.  Use xauth(1) to copy the auth key, instead of just symlinking
/root/.xauth to the user's file, so a well-constructed .xauth can't subvert
a program running as root.  (I wouldn't trust X software to be secure when I
don't have to, and this would be an uncommon attack channel, and thus not so
likely to be well secured.)
 
 Err, happy hacking, Big Brother.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
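
On the /dev/vcs* versus /dev/vcsa* question in the message above, an added example (not part of the original post) that decodes both layouts as documented in vcs(4): /dev/vcsa* starts with a 4-byte header (lines, columns, cursor x, cursor y) followed by one character/attribute pair per cell, while /dev/vcs* holds the characters only. The sample buffer is constructed; the little-endian cell order, the 256-glyph font and the cp437 decoding are assumptions.

```python
import struct

def parse_vcsa(buf):
    """Decode a /dev/vcsa dump: 4-byte header, then (char, attr) cells."""
    if len(buf) < 4:
        raise ValueError("truncated header")
    rows, cols, cur_x, cur_y = struct.unpack_from("4B", buf, 0)
    cells = buf[4:]
    if len(cells) != rows * cols * 2:
        raise ValueError("cell data does not match header dimensions")
    lines, attrs = [], []
    for r in range(rows):
        row = cells[r * cols * 2:(r + 1) * cols * 2]
        # Assumption: little-endian host, so the character byte comes first.
        lines.append(row[0::2].decode("cp437").rstrip())
        attrs.append(list(row[1::2]))
    return {"size": (rows, cols), "cursor": (cur_x, cur_y),
            "lines": lines, "attrs": attrs}

def parse_vcs(buf, cols):
    """Decode a /dev/vcs dump: characters only, no header, no newlines."""
    if cols <= 0 or len(buf) % cols:
        raise ValueError("buffer is not a whole number of rows")
    return [buf[i:i + cols].decode("cp437").rstrip()
            for i in range(0, len(buf), cols)]

def build_sample():
    """Constructed 2x8 screen, attribute 0x07 (grey on black), cursor at x=4, y=1."""
    text = ["login:  ", "$ ls    "]
    body = bytearray()
    for line in text:
        for ch in line.encode("cp437"):
            body += bytes((ch, 0x07))
    return bytes((2, 8, 4, 1)) + bytes(body)

if __name__ == "__main__":
    sample = build_sample()
    screen = parse_vcsa(sample)
    print(screen["size"], screen["cursor"])
    for line in screen["lines"]:
        print(repr(line))
    # The same screen as /dev/vcs would return it: every second byte, no header.
    print(parse_vcs(sample[4::2], cols=8))
```

Since /dev/vcs* carries no dimensions, a reader of that device has to learn the column count some other way, which is what the header on /dev/vcsa* provides.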

