stdbuf with setuid/capabilities

半腔热情 submitted on 2019-12-06 01:42:28
Ben Kelly

From looking at the stdbuf source code it looks like it works by setting LD_PRELOAD. There are of course security concerns using LD_PRELOAD with setuid executables or sudo.

One suggestion I found was to disable the noatsecure SELinux attribute for your executable.

Another, simpler, option would be to avoid stdbuf and simply call fflush(stdout) from your source code directly.

Solution without LD_PRELOAD

You can use the unbuffer utility, which is part of the expect (expect-devel) package. unbuffer is a very short expect script. It does not need LD_PRELOAD because it uses another trick: expect creates a pseudo terminal (like xterm or ssh), so the process executed using unbuffer is fooled into thinking it is writing to an interactive device, and therefore it uses line buffering on stdout by default.

Usage in your case:

unbuffer ./writer | ./reader

If stdbuf works with the program, unbuffer would work with a high probability too. Because LD_PRELOAD poses some limitations, unbuffer has advantages over stdbuf. Contrary to stdbuf, it will work with these sorts of executables:

  • setuid
  • with file capabilities
  • statically linked
  • not using standard libc