Re: [Sudoscript-devel] Hacking on script(1)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I think this idea is dead. Here's some log output from a later version of 
the
code I posted:

Apr 25 13:41:29 howen02 sudo:    howen : TTY=pts/7 ; 
PWD=/home/howen/sandbox/script ; USER=root ; COMMAND=./script
Apr 25 13:41:32 howen02 sudoshell[1263]: howen: ^[OA^[OA^[OB^M
Apr 25 13:41:35 howen02 sudoshell[1263]: howen: ^[OA^[OA^M

I hit 'up-arrow, up-arrow, enter'. Naturally, the shell is the guy that 
interprets
the tabs and such. script(1) just sees the keyboard input. The doshell() 
part
of script just execl's the shell with the proper I/O handles. You could 
intercept the
output, but then you have to decide what is input and what is output, which 
you might
as well do from Perl. I earlier considered this to be impossible to do in a 
general way,
as you cannot rely on PS1 to be set to anything in particular, since it's 
settable by the
user. Hence you can't know for sure what the command prompt looks like.

The consequence of missing the prompt would be loss of audit trail, which I 
judge
to be unacceptable for something like sudoscript.

It does seem possible to tag activity with a username by hacking on 
script(1). I'm
just not sure the considerable effort of maintaining a script(1) fork is 
worth this
marginal benefit.

--On Thursday, April 25, 2002 12:28:18 PM -0700 Howard Owen 
<ho...@nu...> wrote:

> Well, I have proof-of-concept code for a mod to doinput() in the linux
> script(1) source. I haven't rigerously analyzed it for buffer offset goofs
> or anything else for that matter. But I've compiled it and watched my
> commands show up in /var/log/secure as I expected. Here's the code:
>
> doinput() {
> 	register int cc;
> 	char ibuf[BUFSIZ];
> 	char logbuf[LOGBUFSIZ];
> 	char *lbptr;
> 	register int lc;
> 	int line_flag;
> 	lc=-1;
> 	(void) fclose(fscript);
> 	(void) openlog( "sudoshell", LOG_PID, LOG_AUTHPRIV);
>
> 	while ((cc = read(0, ibuf, BUFSIZ)) > 0) {
> 	  (void) write(master, ibuf, cc);
> 	  if (lc+cc >(LOGBUFSIZ-2)){
> 	    logbuf[lc]=0;
> 	    lc=-1;
> 	    (void) syslog(LOG_INFO,"%s",logbuf);
> 	  }
> 	  if (ibuf[cc-1]==13) {
> 	    line_flag=1;
> 	  } else {
> 	    line_flag=0;
> 	  }
> 	  ibuf[cc]=0;
> 	  lbptr=&logbuf[lc+1];
> 	  strncpy(lbptr,ibuf,cc);
> 	  lc+=cc;
> 	  if (line_flag){
> 	    logbuf[lc]=0;
> 	    (void) syslog(LOG_INFO,"%s",logbuf);
> 	    lc=-1;
> 	  }
> 	}
> 	done();
> }
>
> Howard Owen                        "Even if you are on the right
> Nuasis System Administrator         track, you'll get run over if you
> ho...@nu...   408-350-4952     just sit there." - Will Rogers
>
> _______________________________________________
> Sudoscript-devel mailing list
> Sud...@li...
> https://lists.sourceforge.net/lists/listinfo/sudoscript-devel

Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hb...@eg...    +1-650-339-5733  just sit there." - Will Rogers