Where to Find Pipe Information?

**Joshua Ruppert** · Aug 15 '06, 02:45 AM

Re: Where to Find Pipe Information?

David T. Ashley wrote:

Hi,
>
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication) , and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
>
The PHP pipe manipulation functions (such as popen) were suggested to me.
>
Where can I find out more about pipes, specifically:
>
a)How to use the C library calls to manipulate pipes?
>
b)The Linux API (below the C library)?
>
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
>
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
>
Thanks.

I don't know Linux resources but have you tried PHP.net?

PHP: popen - Manual

http://www.php.net/manual/en/function.popen.php

Opens process file pointer

**Jerry Stuckle** · Aug 15 '06, 03:05 AM

Re: Where to Find Pipe Information?

David T. Ashley wrote:

Hi,
>
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication) , and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
>
The PHP pipe manipulation functions (such as popen) were suggested to me.
>
Where can I find out more about pipes, specifically:
>
a)How to use the C library calls to manipulate pipes?
>
b)The Linux API (below the C library)?
>
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
>
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
>
Thanks.
>
>
>

I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.

As for using pipes - if you've never used them before, you're going to
need to do a fair amount of reading. The api's aren't complicated, but
handling errors without hanging can sometimes be tricky.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Chung Leong** · Aug 15 '06, 03:35 AM

Re: Where to Find Pipe Information?

David T. Ashley wrote:

Hi,
>
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication) , and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
>
The PHP pipe manipulation functions (such as popen) were suggested to me.
>
Where can I find out more about pipes, specifically:
>
a)How to use the C library calls to manipulate pipes?

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().

If you have a working program already, chances are you can just pipe
data into it and get stuff back out.

**Keith Thompson** · Aug 15 '06, 04:45 AM

Re: Where to Find Pipe Information?

"Chung Leong" <chernyshevsky@ hotmail.comwrit es:

David T. Ashley wrote:

>On a Linux platform, I have the need to call a compiled 'C' program from a
>PHP script (to do some special authentication) , and to keep the information
>passed from the PHP script to the compiled 'C' program secret, i.e. the
>information should not be passed on the command-line.
>>
>The PHP pipe manipulation functions (such as popen) were suggested to me.
>>
>Where can I find out more about pipes, specifically:
>>
>a)How to use the C library calls to manipulate pipes?

The standard C library does not include support for pipes (unless you
count the handling of stdin and stdout, but that requires some
external process to set up the pipe).

There are functions under Unix-like systems, including Linux, for
creating and manipulating pipes, but questions about them are
off-topic in comp.lang.c.

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().

Never use gets(). It makes it practically impossible to avoid buffer
overflows. fgets() is a safe alternative.

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.

**David T. Ashley** · Aug 15 '06, 09:55 AM

Re: Where to Find Pipe Information?

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:Hq6dnQTGDv bmoXzZnZ2dnUVZ_ tmdnZ2d@comcast .com...

>
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.

It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.

Dave.

**Jerry Stuckle** · Aug 15 '06, 10:55 AM

Re: Where to Find Pipe Information?

David T. Ashley wrote:

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:Hq6dnQTGDv bmoXzZnZ2dnUVZ_ tmdnZ2d@comcast .com...
>

>>I guess I don't understand the problem with passing it in the command
>>line. If it's a process-to-process communication, it won't be visible
>>anyway.

>
>
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.
>
Dave.
>
>
>

For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).

But who's going to have ssh/telnet access to the system? And how long
is the program going to run?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Velásquez, Constantin** · Aug 15 '06, 06:35 PM

Re: Where to Find Pipe Information?

Jerry Stuckle wrote:

For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).
>
But who's going to have ssh/telnet access to the system? And how long
is the program going to run?

A simple script could save the command line argument in a
evil.example.or g server (it's very hard to hide it but it could be
inserted in other program or simply replace it).

I suggest to use encrypted environment variables or simple environment
variables for a lower security level.

**SadOldGit** · Aug 16 '06, 12:25 AM

Re: Where to Find Pipe Information?

Chung Leong wrote:

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!

Extract from man gets
BUGS
Never use gets(). Because it is impossible to tell without
knowing the data in advance how
many characters gets() will read, and because gets() will
continue to store characters past
the end of the buffer, it is extremely dangerous to use. It has
been used to break computer
security. Use fgets() instead.

and getc(). To

write to stdout, you use puts() or printf().

**Chung Leong** · Aug 16 '06, 02:05 AM

Re: Where to Find Pipe Information?

SadOldGit wrote:

Chung Leong wrote:

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

>
I seriously hope you are not using gets() !!!!

It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

**jmcgill** · Aug 16 '06, 02:15 AM

Re: Where to Find Pipe Information?

Chung Leong wrote:

It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets().

MSDOS lost pipes? When did that happen?

**Keith Thompson** · Aug 16 '06, 02:35 AM

Re: Where to Find Pipe Information?

"Chung Leong" <chernyshevsky@ hotmail.comwrit es:

SadOldGit wrote:

>Chung Leong wrote:

Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

>>
>I seriously hope you are not using gets() !!!!

>
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

No, it's ok to use gets().

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.

**Kenny McCormack** · Aug 16 '06, 02:55 AM

Re: Where to Find Pipe Information?

In article <lnk659l811.fsf @nuthaus.mib.or g>,
Keith Thompson <kst-u@mib.orgwrote:

>"Chung Leong" <chernyshevsky@ hotmail.comwrit es:

>SadOldGit wrote:

>>Chung Leong wrote:
>Google "stdio.h". To read from stdin, you just do it as though you're
>reading from the keyboard, with functions like gets()
>>>
>>I seriously hope you are not using gets() !!!!

>>
>It's been a while since I last use the stdio function :-) I vaguely
>remember that the command-line in MS-DOS has a certain limit, so it was
>actually OK to use gets(). scanf() was the one to avoid.

>
>No, it's ok to use gets().

They'll get you for that.

**Keith Thompson** · Aug 16 '06, 02:55 AM

Re: Where to Find Pipe Information?

Keith Thompson <kst-u@mib.orgwrites :

"Chung Leong" <chernyshevsky@ hotmail.comwrit es:

>SadOldGit wrote:

>>Chung Leong wrote:
>Google "stdio.h". To read from stdin, you just do it as though you're
>reading from the keyboard, with functions like gets()
>>>
>>I seriously hope you are not using gets() !!!!

>>
>It's been a while since I last use the stdio function :-) I vaguely
>remember that the command-line in MS-DOS has a certain limit, so it was
>actually OK to use gets(). scanf() was the one to avoid.

>
No, it's ok to use gets().

ARGH!

What I meant to write was:

No, it's *not* ok to use gets().

Never. Never ever.

Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().

gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.

(I'll try to cancel the article, but I doubt that it will work.)

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.

**Chung Leong** · Aug 16 '06, 03:25 AM

Re: Where to Find Pipe Information?

Keith Thompson wrote:

ARGH!
>
What I meant to write was:
>
No, it's *not* ok to use gets().
>
Never. Never ever.
>
Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().
>
gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.

Well, there is Secure Template Overloads in VC8
(http://msdn2.microsoft.com/en-us/library/ms175759.aspx). Sort of a
pointless feature since a typical C program won't combine as C++
without heavy modification. Anyway, this is totally off topic.

Where to Find Pipe Information?

Where to Find Pipe Information?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment