By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,810 Members | 783 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,810 IT Pros & Developers. It's quick & easy.

Where to Find Pipe Information?

P: n/a
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.

Aug 15 '06 #1
Share this Question
Share on Google+
17 Replies


P: n/a

David T. Ashley wrote:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.
I don't know Linux resources but have you tried PHP.net?
http://www.php.net/manual/en/function.popen.php

Aug 15 '06 #2

P: n/a
David T. Ashley wrote:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?

b)The Linux API (below the C library)?

I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.

I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.

Thanks.
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.

As for using pipes - if you've never used them before, you're going to
need to do a fair amount of reading. The api's aren't complicated, but
handling errors without hanging can sometimes be tricky.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 15 '06 #3

P: n/a
David T. Ashley wrote:
Hi,

On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().

If you have a working program already, chances are you can just pipe
data into it and get stuff back out.

Aug 15 '06 #4

P: n/a
"Chung Leong" <ch***********@hotmail.comwrites:
David T. Ashley wrote:
>On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.

The PHP pipe manipulation functions (such as popen) were suggested to me.

Where can I find out more about pipes, specifically:

a)How to use the C library calls to manipulate pipes?
The standard C library does not include support for pipes (unless you
count the handling of stdin and stdout, but that requires some
external process to set up the pipe).

There are functions under Unix-like systems, including Linux, for
creating and manipulating pipes, but questions about them are
off-topic in comp.lang.c.
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().
Never use gets(). It makes it practically impossible to avoid buffer
overflows. fgets() is a safe alternative.

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Aug 15 '06 #5

P: n/a
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.

Dave.

Aug 15 '06 #6

P: n/a
David T. Ashley wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>>I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.


It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.

Dave.
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).

But who's going to have ssh/telnet access to the system? And how long
is the program going to run?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 15 '06 #7

P: n/a

Jerry Stuckle wrote:
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).

But who's going to have ssh/telnet access to the system? And how long
is the program going to run?
A simple script could save the command line argument in a
evil.example.org server (it's very hard to hide it but it could be
inserted in other program or simply replace it).

I suggest to use encrypted environment variables or simple environment
variables for a lower security level.

Aug 15 '06 #8

P: n/a
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!

Extract from man gets
BUGS
Never use gets(). Because it is impossible to tell without
knowing the data in advance how
many characters gets() will read, and because gets() will
continue to store characters past
the end of the buffer, it is extremely dangerous to use. It has
been used to break computer
security. Use fgets() instead.
and getc(). To
write to stdout, you use puts() or printf().
Aug 16 '06 #9

P: n/a
SadOldGit wrote:
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

Aug 16 '06 #10

P: n/a
Chung Leong wrote:
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets().
MSDOS lost pipes? When did that happen?
Aug 16 '06 #11

P: n/a
"Chung Leong" <ch***********@hotmail.comwrites:
SadOldGit wrote:
>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!

It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Aug 16 '06 #12

P: n/a
In article <ln************@nuthaus.mib.org>,
Keith Thompson <ks***@mib.orgwrote:
>"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!

It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

No, it's ok to use gets().
They'll get you for that.

Aug 16 '06 #13

P: n/a
Keith Thompson <ks***@mib.orgwrites:
"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()

I seriously hope you are not using gets() !!!!

It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.

No, it's ok to use gets().
ARGH!

What I meant to write was:

No, it's *not* ok to use gets().

Never. Never ever.

Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().

gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.

(I'll try to cancel the article, but I doubt that it will work.)

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Aug 16 '06 #14

P: n/a
Keith Thompson wrote:
ARGH!

What I meant to write was:

No, it's *not* ok to use gets().

Never. Never ever.

Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().

gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.
Well, there is Secure Template Overloads in VC8
(http://msdn2.microsoft.com/en-us/library/ms175759.aspx). Sort of a
pointless feature since a typical C program won't combine as C++
without heavy modification. Anyway, this is totally off topic.

Aug 16 '06 #15

P: n/a
Keith Thompson wrote:
Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().

ARGH!

What I meant to write was:

No, it's not ok to use gets().
Ah, negation typo. The best kind.
(I'll try to cancel the article, but I doubt that it will work.)

For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.

Brian

Aug 16 '06 #16

P: n/a
"Default User" <de***********@yahoo.comwrites:
Keith Thompson wrote:
>Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().

ARGH!

What I meant to write was:

No, it's not ok to use gets().

Ah, negation typo. The best kind.
>(I'll try to cancel the article, but I doubt that it will work.)

For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.
My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.

Proofread! Proofread! Proffread!

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Aug 16 '06 #17

P: n/a
Keith Thompson wrote:

My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.
You may be able to delete it:

<http://groups.google.com/support/bin/answer.py?answer=8380>
It's not entirely clear whether the original message had to be posted
via Google or not, but I don't believe so.

Brian
Aug 16 '06 #18

This discussion thread is closed

Replies have been disabled for this discussion.