How does swapping stdin and stderr work?
Sometimes I want to call something in bash,
but work with its stderr stream instead of its stdout.
The advice on the web is to swap its stderr and stdout
using the magic string 3>&2 2>&1 1>&3-.
Here’s an example of such a program:
$ ./test
This goes to stdout
This goes to stderr
$ ./test | tr '[a-z]' '[A-Z]'
This goes to stderr
THIS GOES TO STDOUT
$ (./test 3>&2 2>&1 1>&3-) | tr '[a-z]' '[A-Z]'
This goes to stdout
THIS GOES TO STDERR
Here I’m using tr '[a-z]' '[A-Z]' to distinguish stdout from stderr.
The text in uppercase is that which is passed through the pipe;
the text in lowercase is printed directly to the terminal as stderr.
Notice in the third command,
the magic string 3>&2 2>&1 1>&3-
causes the normally-stdout text from ./test to be printed as error text,
and causes the normally-stderr text from ./test to be passed through the pipe.
That is, 3>&2 2>&1 1>&3- swapped stdout and stderr.
But how did it do that?
The instruction 3>&2 is shell-speak for
“copy file descriptor 2 to file descriptor 3”.
(The syntax here is particularly unintuitive.
I would have expected 3>&2 to mean “copy file descriptor 3 to file descriptor 2”.)
The shell achieves this copying with the system call dup2,
described as:
#include <unistd.h>
int dup2(int oldfd, int newfd);
dup2() makes newfd be the copy of oldfd, closing newfd first if necessary ...
After a successful return from one of these system calls,
the old and new file descriptors may be used interchangeably.
They refer to the same open file description (see open(2)) and thus share file offset and file status flags.
Thus, 3>&2 corresponds to a call to dup2(2,3),
2>&1 corresponds to dup2(1,2),
and 1>&3 corresponds to dup2(3,1).
Actually, the magic string uses the slightly different command 1>&3-.
Notice the hyphen - on the end.
This hyphen corresponds to the system call close(3),
closing file descriptor 3.
Bash evaluates these from left to right,
so the magic string 3>&2 2>&1 1>&3-
corresponds to the system calls:
dup2(2,3); dup2(1,2); dup2(3,1); close(3).
We can do this ourselves in C.
Here’s the source of the ./test program:
#include <stdio.h>
int main(void) {
fprintf(stdout, "This goes to stdout\n");
fprintf(stderr, "This goes to stderr\n");
}
By putting those system calls at the start of our program,
we can swap the destinations of those fprintf calls:
#include <stdio.h>
#include <unistd.h>
int main(void) {
dup2(2, 3);
dup2(1, 2);
dup2(3, 1);
close(3);
fprintf(stdout, "This goes to stdout\n");
fprintf(stderr, "This goes to stderr\n");
}
$ ./test_swapped | tr '[a-z]' '[A-Z]'
This goes to stdout
THIS GOES TO STDERR
But why do those calls to dup2 and close swap stdin and stdout?
The three calls to dup2 are the standard “swap” algorithm,
using file descriptor 3 as “swap space”.
Finally the close call removes the swap space.
Here I’ve annotated the calls to show the state of the file descriptors:
dup2(2, 3);
dup2(1, 2);
dup2(3, 1);
close(3);
Similar posts
How do I duplicate a file descriptor in C?
Use the dup system call to duplicate a file descriptor in C, allowing two references to the same underlying pipe. 2017-02-15
How do I close a file descriptor in C?
To close a file descriptor in C, use the close system call. Multiple descriptors can reference the same underlying file or pipe. The pipe is only closed when all references are closed. 2017-02-16
What is lsof?
lsof lists open system resources, including pipes, sockets, and yes, files. It shows their type, owner, and location. 2017-02-20
How less works: the terminal’s alternative buffer
less uses the terminal’s “alternate screen” feature to clear the screen and display the contents of a file, and then restores the previous screen when exiting. 2017-12-04
What is perror in C?
perror in C prints a human-readable description of the last error that occurred, as stored in the global errno variable. 2016-12-24
How do I call a program from C?
To call a program from C, use `fork` then `execve`. There is no more direct way! 2017-02-07
More by Jim
What does the dot do in JavaScript?
foo.bar, foo.bar(), or foo.bar = baz - what do they mean? A deep dive into prototypical inheritance and getters/setters. 2020-11-01
Smear phishing: a new Android vulnerability
Trick Android to display an SMS as coming from any contact. Convincing phishing vuln, but still unpatched. 2020-08-06
A probabilistic pub quiz for nerds
A “true or false” quiz where you respond with your confidence level, and the optimal strategy is to report your true belief. 2020-04-26
Time is running out to catch COVID-19
Simulation shows it’s rational to deliberately infect yourself with COVID-19 early on to get treatment, but after healthcare capacity is exceeded, it’s better to avoid infection. Includes interactive parameters and visualizations. 2020-03-14
The inception bar: a new phishing method
A new phishing technique that displays a fake URL bar in Chrome for mobile. A key innovation is the “scroll jail” that traps the user in a fake browser. 2019-04-27
The hacker hype cycle
I got started with simple web development, but because enamored with increasingly esoteric programming concepts, leading to a “trough of hipster technologies” before returning to more productive work. 2019-03-23
Project C-43: the lost origins of asymmetric crypto
Bob invents asymmetric cryptography by playing loud white noise to obscure Alice’s message, which he can cancel out but an eavesdropper cannot. This idea, published in 1944 by Walter Koenig Jr., is the forgotten origin of asymmetric crypto. 2019-02-16
How Hacker News stays interesting
Hacker News buried my post on conspiracy theories in my family due to overheated discussion, not censorship. Moderation keeps the site focused on interesting technical content. 2019-01-26
My parents are Flat-Earthers
For decades, my parents have been working up to Flat-Earther beliefs. From Egyptology to Jehovah’s Witnesses to theories that human built the Moon billions of years in the future. Surprisingly, it doesn’t affect their successful lives very much. For me, it’s a fun family pastime. 2019-01-20
The dots do matter: how to scam a Gmail user
Gmail’s “dots don’t matter” feature lets scammers create an account on, say, Netflix, with your email address but different dots. Results in convincing phishing emails. 2018-04-07
The sorry state of OpenSSL usability
OpenSSL’s inadequate documentation, confusing key formats, and deprecated interfaces make it difficult to use, despite its importance. 2017-12-02
I hate telephones
I hate telephones. Some rational reasons: lack of authentication, no spam filtering, forced synchronous communication. But also just a visceral fear. 2017-11-08
The Three Ts of Time, Thought and Typing: measuring cost on the web
Businesses often tout “free” services, but the real costs come in terms of time, thought, and typing required from users. Reducing these “Three Ts” is key to improving sign-up flows and increasing conversions. 2017-10-26
Granddad died today
Granddad died. The unspoken practice of death-by-dehydration in the NHS. The Liverpool Care Pathway. Assisted dying in the UK. The importance of planning in end-of-life care. 2017-05-19
How do I call a program in C, setting up standard pipes?
A C function to create a new process, set up its standard input/output/error pipes, and return a struct containing the process ID and pipe file descriptors. 2017-02-17
Your syntax highlighter is wrong
Syntax highlighters make value judgments about code. Most highlighters judge that comments are cruft, and try to hide them. Most diff viewers judge that code deletions are bad. 2014-05-11
Want to build a fantastic product using LLMs? I work at
Granola where we're building the future IDE for knowledge work. Come and work with us!
Read more or
get in touch! This page copyright James Fisher 2018. Content is not associated with my employer. Found an error? Edit this page.
TigYog
Kickabout