Summary: | Allow control of automatic stdio buffering using env variables | ||
---|---|---|---|
Product: | glibc | Reporter: | Pádraig Brady <P> |
Component: | libc | Assignee: | Ulrich Drepper <drepper.fsp> |
Status: | REOPENED --- | ||
Severity: | enhancement | CC: | carlos, glibc-bugs, ppluzhnikov, zack+srcbugz |
Priority: | P3 | Flags: | fweimer:
security-
|
Version: | unspecified | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: |
Description
Pádraig Brady
2006-03-14 13:00:40 UTC
Hell, no. Programs expect a certain buffer mode and perhaps would work unexpectedly if this changes. By setting a mode to unbuffered, for instance, you can easily DoS a system. I can think about enough other reasons why this is a terrible idea. Programs explicitly must request a buffering scheme so that it matches the way the program uses the stream. According to https://blog.plover.com/Unix/stdio-buffering-2.html , this feature was in fact added to NetBSD (see also https://mail-index.netbsd.org/tech-userlevel/2015/07/14/msg009247.html et seq) and has not caused problems there. I think we should reconsider. Yes, a program (or an entire process tree) could be forced to suffer much greater I/O overhead using this feature, but I don't think it rises to the level of "denial of service", there are other ways for a determined Mallory to get the same effect, and there are obvious positive use cases for e.g. manually overriding the output of a long-running program to be line-buffered even if it's going to a pipe. I agree that this is a debugging facility (not unlike MALLOC_CHECK_), that can be very handy at times. Came across this today following this social media discussion: https://fosstodon.org/@b0rk@jvns.ca/112995960127371014 We have glibc tunables today, so we could expose: GLIBC_TUNABLES=glibc.stdin.buffer.mode=_IONBF;glibc.stdin.buffer.size=1048576 And likewise glibc.stdout.* and glibc.stderr.* Someone would likely add the support into libio/stdfiles.c (_IO_stdfiles_init), and wire things into libio/genops.c when the buffers are created in _IO_*doallocate replacing the static use of BUFSIZ (8192 bytes) for all the setup. I think we should use the same environment variables and value syntax as NetBSD did for their version of this feature. See links in comment 2. (In reply to Zack Weinberg from comment #5) > I think we should use the same environment variables and value syntax as > NetBSD did for their version of this feature. See links in comment 2. I disagree with this because it creates a difficult to clean environment where environment variables have names that change dynamically based on the file descriptor numbers. I have a hard objection to this kind of design because of the complexity it imposes on downstream applications trying to clear environments of certain kinds of variables. I can support having STDBUF, STDBUF1, STDBUF2, and STDBUF3 as compatibiltiy for "all" and stdin, stdout, and stderr, but not more than that. Everything else should go into GLIBC_TUNABLES. |