# Re-enabled tty logging.
Index: linux-2.6.17/arch/um/Kconfig.char
===================================================================
--- linux-2.6.17.orig/arch/um/Kconfig.char 2007-10-24 10:04:50.000000000 -0400
+++ linux-2.6.17/arch/um/Kconfig.char 2007-11-19 11:40:01.000000000 -0500
@@ -232,4 +232,15 @@ config MMAPPER
 This driver allows a host file to be used as emulated IO memory inside UML.
+config TTY_LOG
+ bool "Enable tty logging"
+ help
+ The User-Mode Linux environment has the ability to log all data going
+ through UML terminals out to the host. This is primarily useful for
+ honeypots, although other security-related applications might find it
+ useful as well.
+
+ See for more
+ information and command line examples of how to use this facility.
+
 endmenu
Index: linux-2.6.17/drivers/char/tty_io.c
===================================================================
--- linux-2.6.17.orig/drivers/char/tty_io.c 2007-10-24 10:04:50.000000000 -0400
+++ linux-2.6.17/drivers/char/tty_io.c 2007-11-19 11:40:01.000000000 -0500
@@ -1716,6 +1716,23 @@ void start_tty(struct tty_struct *tty)
 tty_wakeup(tty);
 }
+#ifdef CONFIG_TTY_LOG
+
+int (*open_log)(void *, void *) = NULL;
+int (*write_log)(int, const char *, int, void *, int) = NULL;
+void (*close_log)(int, void *) = NULL;
+
+void register_tty_logger(int (*opener)(void *, void *),
+ int (*writer)(int, const char *, int, void *, int),
+ void (*closer)(int, void *))
+{
+ open_log = opener;
+ write_log = writer;
+ close_log = closer;
+}
+
+#endif
+
 EXPORT_SYMBOL(start_tty);
 /**
@@ -1760,8 +1777,13 @@ static ssize_t tty_read(struct file * fi
 i = -EIO;
 tty_ldisc_deref(ld);
 unlock_kernel();
- if (i > 0)
+ if (i > 0) {
 inode->i_atime = current_fs_time(inode->i_sb);
+#ifdef CONFIG_TTY_LOG
+ if ((tty->log_fd >= 0) && (write_log != NULL))
+ (*write_log)(tty->log_fd, buf, i, tty, 1);
+#endif
+ }
 return i;
 }
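Review bot: In the `@@ -1716,6 +1716,23 @@` hunk of tty_io.c the hook pointers `open_log`, `write_log` and `close_log` are non-static globals with generic names, and `register_tty_logger()` overwrites them with no locking and no check for an already-registered logger. Any later caller can therefore replace or null the hooks while `tty_read` or `do_tty_write` sits between its `!= NULL` test and the call, which is a weak footing for a facility meant to produce an audit trail. Unless another file references them directly, I would declare them `static`, return early from the register function when `write_log != NULL`, and have each call site read the pointer once into a local before testing and calling it. The `#ifdef` block is also inserted between `start_tty()` and its `EXPORT_SYMBOL(start_tty);`; placing it below the export keeps the export next to its function. No prototype for `register_tty_logger` appears in the tty.h hunk of this patch, so the logger side presumably declares it itself.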
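Review bot: In the `@@ -1760,8 +1777,13 @@` hunk the logger is handed `buf`, which in `tty_read` appears to be the caller's user-space buffer (the signature is truncated in the hunk header, so confirm), while `write_log` takes it as a plain `const char *`. The logger then reads the data back from user memory after it has been delivered, so another thread of the logged process can alter the bytes before they are recorded and the log no longer matches what the terminal carried. Dereferencing a user pointer directly may also not be valid in every UML mode. The `do_tty_write` hunk (`@@ -1866,6 +1888,10 @@`) has the same shape with `buf - ret`. Logging from a kernel-side copy of the data would close that gap; `tty_read`'s body begins outside the hunk.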
@@ -1866,6 +1888,10 @@ static inline ssize_t do_tty_write(
 struct inode *inode = file->f_path.dentry->d_inode;
 inode->i_mtime = current_fs_time(inode->i_sb);
 ret = written;
+#ifdef CONFIG_TTY_LOG
+ if ((tty->log_fd >= 0) && (write_log != NULL))
+ (*write_log)(tty->log_fd, buf - ret, ret, tty, 0);
+#endif
 }
 out:
 tty_write_unlock(tty);
@@ -2562,6 +2588,10 @@ static void release_dev(struct file * fi
 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
 tty_set_termios_ldisc(o_tty,N_TTY);
 }
+#ifdef CONFIG_TTY_LOG
+ if ((tty->log_fd >= 0) && (close_log != NULL))
+ (*close_log)(tty->log_fd, tty);
+#endif
 /*
 * The release_tty function takes care of the details of clearing
 * the slots and preserving the termios structure.
@@ -2869,6 +2899,13 @@ static int tty_fasync(int fd, struct fil
 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
 tty->minimum_to_wake = N_TTY_BUF_SIZE;
 }
+#ifdef CONFIG_TTY_LOG
+ if ((tty->log_fd < 0) && (open_log != NULL)) {
+ task_lock(current);
+ tty->log_fd = (*open_log)(tty, current->signal->tty);
+ task_unlock(current);
+ }
+#endif
 return 0;
 }
@@ -3731,6 +3768,9 @@ static void initialize_tty_struct(struct
 spin_lock_init(&tty->read_lock);
 INIT_LIST_HEAD(&tty->tty_files);
 INIT_WORK(&tty->SAK_work, do_SAK_work);
+#ifdef CONFIG_TTY_LOG
+ tty->log_fd = -1;
+#endif
 }
 /*
Index: linux-2.6.17/include/linux/tty.h
===================================================================
--- linux-2.6.17.orig/include/linux/tty.h 2007-11-19 10:40:58.000000000 -0500
+++ linux-2.6.17/include/linux/tty.h 2007-11-19 11:40:01.000000000 -0500
@@ -241,6 +241,9 @@ struct tty_struct {
 spinlock_t read_lock;
 /* If the tty has a pending do_SAK, queue it here - akpm */
 struct work_struct SAK_work;
+#ifdef CONFIG_TTY_LOG
+ int log_fd;
+#endif
 };
 /* tty magic number */
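Review bot: In the `@@ -1866,6 +1888,10 @@` hunk the expression `buf - ret` is only correct if the write loop above advanced `buf` by exactly `written` bytes, and nothing in the added lines says so. The loop is outside the hunk, so this cannot be confirmed from here. I would add a comment such as `/* buf was advanced by 'written' bytes above; rewind to the start of what was actually sent */` so a later change to the loop does not silently make the logger read the wrong range.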
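Review bot: In the `@@ -2562,6 +2588,10 @@` hunk only `tty->log_fd` is closed, although the context lines just above also handle `o_tty`, so if the other end of a pty pair ever had a log opened its host descriptor looks like it is never released. I would add the matching call, `if (o_tty && (o_tty->log_fd >= 0) && (close_log != NULL)) (*close_log)(o_tty->log_fd, o_tty);`, and set each `log_fd` back to `-1` after closing so a stale descriptor cannot be written to or closed twice. `release_dev` starts and ends outside the hunk, so whether this point is reached only on the final close should be confirmed.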
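Review bot: The `@@ -2869,6 +2899,13 @@` hunk puts the `open_log` call at the tail of what the hunk header and context lines identify as `tty_fasync`, so `log_fd` appears to be opened only when a process changes async notification on the terminal. A session that never does so keeps `log_fd` at `-1`, and the `tty_read` and `do_tty_write` hooks record nothing for it. If the intent is to log every terminal, the block belongs at the successful end of the tty open path instead. The hook is also invoked with `task_lock(current)` held, so `open_log` must not block. Either record that with `/* open_log runs under task_lock(current): must not sleep */`, or sample `current->signal->tty` under the lock and call the hook after `task_unlock`.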