-
August 10th, 2004, 05:26 PM
#1
discovering a session's env variables?
Does anyone here know of a way for root to discover the environment variables being used by a particular user or session? For example, if a user named 'mrx' is logged onto my system, is there a way for me as root to read the environment variables he is using for that session?
/* You are not expected to understand this. */
-
August 10th, 2004, 06:12 PM
#2
Hrmm.. the closest I can think of is to su to root, then su to the user and then type env. I don't know specifically of any external command that lets you see the environment variables of a user (you are referring to shell environment aren't you?)
Just a quick add-on. Remember to use su - username rather than su by itself. If it's just su then local scripts like .bash_profile won't be run and you'll end up with the env of root rather than the user.
-
August 10th, 2004, 06:27 PM
#3
Thanks for the response MsMittens. Your suggestion would work if I only wanted to discover the preset env variables established by the profile or any login scripts. I was thinking more of the dynamic env variables set during the session. If I were to su to the user (su - mrx), the system would create a new session for that user -- env variables from another active session would not apply.
/* You are not expected to understand this. */
-
August 10th, 2004, 06:29 PM
#4
Hrmm.. unless you had a script that activated when they logged in (maybe something in the .bash_profile/.profile file itself?), recorded that info and sent it to a log? Perhaps a simple shell script that would pull that info?
Off-hand I can't think of any command. Perhaps a search for a third-party app?
-
August 10th, 2004, 06:45 PM
#5
I'm trying to research through Linux memory structures to take a look, but it has been unsuccessful.
If you have info about that, maybe you can find it.
I was looking at process memory map. All variables should be there (somewhere)....
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 10th, 2004, 06:56 PM
#6
I have no Linux to take a look, but it may be here:
/proc/[process number]/
a lot of info for each process running
and
/proc/[process number]/environ
may have what you want..
take a look at this
http://www2.yo-linux.com/cgi-bin/man...n=5&topic=proc
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 10th, 2004, 07:30 PM
#7
Thanks cacosapo and MsMittens. I think the closest I can get is the /proc/(procid)/environ file for the shell process. It lists several environment variables, but it doesn't list any that I dynamically add during the session, and it doesn't list several others that were. I'll keep digging, but I'm not expecting to find anything now. If I find something, I'll post it, though. Thanks again!
/* You are not expected to understand this. */
-
August 10th, 2004, 07:32 PM
#8
Check the user's history file...by default, it's something like .bash_history. It's an easy file to forget that exists (unless they're disabling it in their own .bash_profile). It could provide something.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
August 11th, 2004, 08:09 PM
#9
This is a bit tricky since you want to see the env vars you add. I think the environ file in proc only shows the vars that the bash (or whatever shell) process was started with and inherited. I don't believe that the exported variables from the terminal are actually added to the pointer array, however.... I think any child process that is created by the bash process WILL inherit the new environ array, so all you have to do is peek in a process the user has started to see the new env vars. It would probably be quite easy to write a C program to do this for you but I'm a lazy man so I'll show you a really dirty way.
[root@Dagon maestro]# who
root :0 Jul 19 11:19
root pts/0 Jul 19 11:20
maestro pts/1 Aug 11 07:42 (xxx.xxx.xxx.xxx)
root pts/2 Aug 11 10:37 (:0.0)
webmaste pts/3 Aug 11 10:31 (xxx.xxx.xxx.xxx)
[root@Dagon maestro]# ps -a | grep "pts/3"
13581 pts/3 00:00:00 vi
[root@Dagon maestro]# gdb
GNU gdb 5.2.1-2mdk (Mandrake Linux)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux-gnu".
(gdb) attach 13581
Attaching to process 13581
Reading symbols from /usr/bin/vim-enhanced...(no debugging symbols found)...
done.
<snip>
0x4038b10e in select () from /lib/i686/libc.so.6
Let's print the global var environ, which points to an array of pointers where the vars are contained.
(gdb) p environ
$1 = (char **) 0xbffffa4c
Where does it point?
(gdb) x 0xbffffa4c
0xbffffa4c: 0xbffffb77
Now let's just grab a chunk and spit out the first 100 characters.
(gdb) x/100c 0xbffffb77
0xbffffb77: 76 'L' 69 'E' 83 'S' 83 'S' 75 'K' 69 'E' 89 'Y' 61 '='
0xbffffb7f: 47 '/' 101 'e' 116 't' 99 'c' 47 '/' 46 '.' 108 'l' 101 'e'
0xbffffb87: 115 's' 115 's' 0 '\0' 76 'L' 67 'C' 95 '_' 77 'M' 79 'O'
0xbffffb8f: 78 'N' 69 'E' 84 'T' 65 'A' 82 'R' 89 'Y' 61 '=' 101 'e'
0xbffffb97: 110 'n' 95 '_' 85 'U' 83 'S' 0 '\0' 72 'H' 79 'O' 83 'S'
0xbffffb9f: 84 'T' 78 'N' 65 'A' 77 'M' 69 'E' 61 '=' 68 'D' 97 'a'
0xbffffba7: 103 'g' 111 'o' 110 'n' 0 '\0' 84 'T' 69 'E' 82 'R' 77 'M'
0xbffffbaf: 61 '=' 120 'x' 116 't' 101 'e' 114 'r' 109 'm' 0 '\0' 83 'S'
0xbffffbb7: 72 'H' 69 'E' 76 'L' 76 'L' 61 '=' 47 '/' 98 'b' 105 'i'
0xbffffbbf: 110 'n' 47 '/' 98 'b' 97 'a' 115 's' 104 'h' 0 '\0' 72 'H'
0xbffffbc7: 73 'I' 83 'S' 84 'T' 83 'S' 73 'I' 90 'Z' 69 'E' 61 '='
0xbffffbcf: 49 '1' 48 '0' 48 '0' 48 '0' 0 '\0' 84 'T' 77 'M' 80 'P'
0xbffffbd7: 68 'D' 73 'I' 82 'R' 61 '='
Translates to:
LESSKEY=/etc/.less
LC_MONETARY=en_US
HOSTNAME=Dagon
TERM=xterm
SHELL=/bin/bash
HISTSIZE=1000
TMPDIR=
Of course you'll need more than 100 to see all of it; the array is terminated by a null pointer, so you'll see the end.
PS. gdb automatically stops any process you attach it to, so don't do this to a process the user would notice stopping (aka bash).
-Maestr0
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
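Added example, not part of the thread and not any poster's code: a small C program of the kind mentioned in post #9. It compares the shell's /proc/<pid>/environ (its startup snapshot) with that of a child the shell started, and lists the variables exported or changed during the session, without attaching a debugger or stopping the process. The function names are my own; it assumes Linux /proc and is run as root with the shell's PID and a child's PID.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_VARS 1024

/* Read /proc/<pid>/environ into buf; returns the number of bytes read. */
static size_t read_environ(long pid, char *buf, size_t cap)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/environ", pid);
    FILE *f = fopen(path, "rb");
    if (!f) { perror(path); return 0; }
    size_t len = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[len] = '\0';              /* guarantees the last entry is terminated */
    return len;
}

/* Split the NUL-separated NAME=value image in place (needs buf[len] == 0). */
static size_t split_environ(char *buf, size_t len, char **vars, size_t max)
{
    size_t n = 0;
    for (char *p = buf; p < buf + len && n < max; p += strlen(p) + 1)
        if (*p) vars[n++] = p;
    return n;
}

/* Entries of child that are not byte-identical in shell: new or changed vars. */
static size_t env_added(char **shell, size_t ns, char **child, size_t nc, char **out)
{
    size_t n = 0;
    for (size_t i = 0; i < nc; i++) {
        size_t j = 0;
        while (j < ns && strcmp(child[i], shell[j]) != 0) j++;
        if (j == ns) out[n++] = child[i];
    }
    return n;
}

int main(int argc, char **argv)
{
    static char sb[1 << 17], cb[1 << 17];
    static char *sv[MAX_VARS], *cv[MAX_VARS], *added[MAX_VARS];
    if (argc != 3) { fprintf(stderr, "usage: %s SHELL_PID CHILD_PID\n", argv[0]); return 2; }
    size_t ns = split_environ(sb, read_environ(strtol(argv[1], NULL, 10), sb, sizeof sb), sv, MAX_VARS);
    size_t nc = split_environ(cb, read_environ(strtol(argv[2], NULL, 10), cb, sizeof cb), cv, MAX_VARS);
    size_t na = env_added(sv, ns, cv, nc, added);
    for (size_t i = 0; i < na; i++) puts(added[i]);
    return 0;
}
```

Variables set in the shell but never exported are not passed to children, so they will not show up in this comparison.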
-
August 17th, 2004, 03:26 PM
#10
Sorry Maestro, I didn't notice this one when you first posted it, but this is damn cool. I shower you with greenies! Thanks!
/* You are not expected to understand this. */