Where to Find Pipe Information?

David T. Ashley

Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.
 
Joshua Ruppert

David said:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.

I don't know Linux resources but have you tried PHP.net?
http://www.php.net/manual/en/function.popen.php
 
Jerry Stuckle

David said:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.

I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.

As for using pipes - if you've never used them before, you're going to
need to do a fair amount of reading. The APIs aren't complicated, but
handling errors without hanging can sometimes be tricky.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
(e-mail address removed)
==================
 
Chung Leong

David said:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().

If you have a working program already, chances are you can just pipe
data into it and get stuff back out.
 
Keith Thompson

The standard C library does not include support for pipes (unless you
count the handling of stdin and stdout, but that requires some
external process to set up the pipe).

There are functions under Unix-like systems, including Linux, for
creating and manipulating pipes, but questions about them are
off-topic in comp.lang.c.

Chung Leong said:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().

Never use gets(). It makes it practically impossible to avoid buffer
overflows. fgets() is a safe alternative.
 
David T. Ashley

Jerry Stuckle said:
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.

It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.

Dave.
 
Jerry Stuckle

David said:
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.

Dave.

For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).

But who's going to have ssh/telnet access to the system? And how long
is the program going to run?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
(e-mail address removed)
==================
 
Velásquez, Constantin

Jerry said:
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).

But who's going to have ssh/telnet access to the system? And how long
is the program going to run?

A simple script could save the command line argument on an
evil.example.org server (it's very hard to hide it, but it could be
inserted in another program or simply replace it).

I suggest using encrypted environment variables, or simple environment
variables for a lower security level.
 
SadOldGit

Chung said:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!

Extract from man gets
BUGS
Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.


and getc(). To
 
Chung Leong

SadOldGit said:
I seriously hope you are not using gets() !!!!

It's been a while since I last used the stdio function :) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
 
jmcgill

Chung said:
It's been a while since I last used the stdio function :) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets().

MSDOS lost pipes? When did that happen?
 
Keith Thompson

Chung Leong said:
It's been a while since I last used the stdio function :) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

No, it's ok to use gets().
 
Keith Thompson

Keith Thompson said:
No, it's ok to use gets().

ARGH!

What I meant to write was:

No, it's *not* ok to use gets().

Never. Never ever.

Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().

gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.

(I'll try to cancel the article, but I doubt that it will work.)
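
As an added example that is not part of the thread or any poster's code: a C sketch of the helper's input side, taking one secret line from a pipe (its stdin) instead of argv, using fgets(), stripping the trailing '\n' and rejecting over-long input. The names `read_secret` and `demo_over_pipe`, the status codes and the sample payloads are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* pipe(), fdopen() */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { SECRET_OK = 0, SECRET_EOF = -1, SECRET_TOO_LONG = -2 };

/* Read one line from `in` into buf (capacity cap >= 2), never writing past
 * it. The trailing '\n' is stripped; an over-long line is drained and
 * rejected instead of being silently truncated. */
int read_secret(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL)
        return SECRET_EOF;            /* writer closed the pipe, or read error */
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return SECRET_OK;
    }
    int c = fgetc(in);                /* no '\n' stored: look at what follows */
    if (c == EOF || c == '\n')
        return SECRET_OK;             /* unterminated last line, or exact fit */
    while (c != EOF && c != '\n')
        c = fgetc(in);                /* discard the rest of the long line */
    memset(buf, 0, cap);              /* do not hand back a partial secret */
    return SECRET_TOO_LONG;
}

/* Constructed demo: plays the calling script by writing `payload` into a
 * pipe(2), then reads it back the way the helper would read its stdin. */
int demo_over_pipe(const char *payload, char *out, size_t cap)
{
    int fds[2];
    if (pipe(fds) != 0)
        return SECRET_EOF;
    ssize_t w = write(fds[1], payload, strlen(payload));
    close(fds[1]);      /* reader sees EOF only once every write end is closed */
    FILE *in = (w == (ssize_t)strlen(payload)) ? fdopen(fds[0], "r") : NULL;
    if (in == NULL) { close(fds[0]); return SECRET_EOF; }
    int rc = read_secret(in, out, cap);
    fclose(in);
    return rc;
}

int main(void)
{
    char secret[64];
    int rc = read_secret(stdin, secret, sizeof secret);
    fprintf(stderr, "status=%d\n", rc);   /* never echo the secret itself */
    return rc == SECRET_OK ? 0 : 1;
}
```
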
 
Chung Leong

Keith said:
ARGH!

What I meant to write was:

No, it's *not* ok to use gets().

Never. Never ever.

Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().

gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.

Well, there are Secure Template Overloads in VC8
(http://msdn2.microsoft.com/en-us/library/ms175759.aspx). Sort of a
pointless feature since a typical C program won't combine as C++
without heavy modification. Anyway, this is totally off topic.
 
Default User

Keith said:
ARGH!

What I meant to write was:

No, it's not ok to use gets().

Ah, negation typo. The best kind.
(I'll try to cancel the article, but I doubt that it will work.)


For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supersedes.



Brian
 
Keith Thompson

Default User said:
Ah, negation typo. The best kind.


For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supersedes.

My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.

Proofread! Proofread! Proffread!
 
