[ltt-dev] Password snooping using LTTng
Mathieu Desnoyers
compudj at krystal.dyndns.org
Tue Jun 22 14:14:23 EDT 2010
* jerome zh (jeromezhr at gmail.com) wrote:
> Hello,
>
> I learned from the slides on LTTng website that Lttng is capable of
> password snooping.
> I've tried this on my LTTng-enabled kernel, but I did not get the password....
>
> What is the problem? Should I insert extra tracepoints which are
> needed for password snooping?
Which LTTng version are you using ?
It depends on the input subsystem tracing (see ltt-armall, it's now
disabled by default for security reasons) if you want to record
keypress.
In earlier lttng versions, we also traced the write() system call first
bytes of payload, but this instrumentation is currently removed.
Mathieu
>
> --
> Regards,
>
> Jerome
>
> _______________________________________________
> ltt-dev mailing list
> ltt-dev at lists.casi.polymtl.ca
> http://lists.casi.polymtl.ca/cgi-bin/mailman/listinfo/ltt-dev
>
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
More information about the lttng-dev
mailing list