Comment 36 for bug 1219337

Hi Mark,

In your first hexdump, this is what those values represent:

00013 = id of the device the tty is on
34816 = device id of the tty file
00003 = inode of the tty file
01000 = uid of the tty file
00005 = gid of the tty file
31291 = sid

The id of the device the tty is on is known. So is the uid and gid.
The device id of the tty file can be found in auth.log.

So that leaves the inode of the tty file and the sid.

You need to be able to open a new tty and hit the same tty number, the same sid and the same inode, and you need to do it blindly without knowing in advance what the inode and the sid were.