Theoreticly, if I know the pid of the bash shell which is running, I can run a cat whose stdout is redirected to the stdin of that shell. It seems to be as if I type something on that shell. Unfortunately, there WILL be stream coming from cat, BUT WILL NOT make the shell act properly (the entered command from cat will not be executed by bash).
Open a terminal:
ps -ef | grep bash ymf 4906 4887 0 16:19 pts/0 00:00:00 /bin/bash
On another terminal:
cat 1> /proc/4906/fd/0 echo 'hello!'
I’m tired of the “one paragraph only” limit in comments =)
If you start a shell
sh, and get the pid
$pid you can find the file descriptors as you describe. An example:
$ ls -l /proc/29201/fd total 0 lrwx------ 1 eroen users 64 Mar 22 15:52 0 -> /dev/pts/2 lrwx------ 1 eroen users 64 Mar 22 15:52 1 -> /dev/pts/2 lrwx------ 1 eroen users 64 Mar 22 15:52 2 -> /dev/pts/2 lrwx------ 1 eroen users 64 Mar 22 15:52 255 -> /dev/pts/2
You will notice that
3 are all symlinks to the same tty (a chardev). In other words, the input to the process is read from the same device node as the outputs are written to.
When you attempt to write (in a different process) to the same tty (as either
/dev/pts/? you accomplish exactly the same thing as the process itself does when it writes data to it’s output; the data shows up in the terminal window.
Actually changing where fd[0-2] point after starting a process is fairly complicated, but not impossible. Reptyr is a free open source application that modifies an existing process so it’s fd[0-2] point to a different tty (as well as some other stuff). This is accomplished through the ptrace framework. The post also mentions other softwares that do the same thing, and that it can be done through gdb.
Depending on what you actually wanted to accomplish, you might find Reptyr or some other software does what you need. Otherwise, you can look at/copy/modify the source code and find out how they do the trick.