Linux: can I read the output of another process without using any IPC (pipes, etc.)?

Question

Is it possible in linux to somehow read the output (from stdout and stderr) of another process without it knowing about it? So lets say I have a process A running in the background and process B wants to read its output - is it possible? I can't use pipes or the screen program. I tried reading from /proc/xxx/fd or from /pts/x consoles and so on, but nothing worked so far.

Answer 1

In the kernel I guess you could write a driver that hooks the reads and writes to get what you want.

In User space you could compile a modified glibc which logs out stdout & stderr output to some file along with the process and thread ID for example. But that's risky if you break something. (assuming applications you want to trace are not linked statically or make direct syscalls to the kernel)

Answer 2

I read the implication of your question that you're not about to write kernel code, and that the idea is not to modify the executable that you are spying upon.

Given those constraints, the answer is simple. No. You cannot. The process calls write(1, or write(2, and those could go anywhere, and there's no 'wiretap' provision built into the system to help you see the traffic on the way.