Redirecting stderr of a running process May 4, 2018 on Drew DeVault's blog

During the KDE sprint in Berlin, Roman Gilg leaned over to me and asked if I knew how to redirect the stderr of an already-running process to a file. I Googled it and found underwhelming answers using strace and trying to decipher the output by reading the write syscalls. Instead, I thought a gdb based approach would work better, and after putting the pieces together Roman insisted I wrote a blog post on the topic.

gdb, the GNU debugger, has two important features that make this possible:

With this it’s actually quite straightforward. The process is the following:

  1. Attach gdb to the running process
  2. Run compile code -- dup2(open("/tmp/log", 65), 2)

The magic 65 here is the value of O_CREAT | O_WRONLY on Linux, which is easily found with a little program like this:

#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, char **argv) {
    printf("%d\n", O_CREAT | O_WRONLY);
    return 0;
}

2 is always the file descriptor assigned to stderr. What happens here is:

  1. Via open, the file you want to redirect to is created.
  2. Via dup2, stderr is overwritten with this new file.

The compile code gdb command will compile some arbitrary C code and run the result in the target process, presumably by mapping some executable RAM and loading it in, then jumping to the blob. Closing gdb (control+d) will continue the process, and it should start writing out to the file you created.

There are lots of other cool (and hacky) things you can do with gdb. I once disconnected someone from an internet radio by attaching gdb to nginx and closing their file descriptor, for example. Thanks to Roman for giving me the chance to write an interesting blog post on the subject!

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~sircmpwn/public-inbox@lists.sr.ht [mailing list etiquette]

Articles from blogs I read Generated by openring

Summary of changes for November

Hey everyone! This is the list of all the changes we've done to our projects and apps during the month of November. We'll also be reporting in our on position in the world, and on our future plans. Summary Of Changes Donsol, designed a donsol tu…

via Hundred Rabbits December 1, 2021

Announcing chat.sr.ht: a persistent IRC session for sourcehut users

About one month ago, we began a private beta for chat.sr.ht, the next flagship sourcehut product. Starting today, this service is now available to all paid sourcehut users. chat.sr.ht is a hosted IRC bouncer service, which maintains a persistent IRC connectio…

via Blogs on Sourcehut November 29, 2021

Major errors on this blog (and their corrections)

Here's a list of errors on this blog that I think were fairly serious. While what I think of as serious is, of course, subjective, I don't think there's any reasonable way to avoid that because, e.g., I make a huge number of typos, so many tha…

via danluu.com November 22, 2021