sherrellbc

Reputation: 4853

Sending arguments to executables from another program

I know this can easily be done using the platform's system() implementation. However, from what I have read using system is often not the best approach and can lead to security drawbacks. Is there a different industry standard approach to this type of problem? What are the options available to the user to do this sort of thing?

I am specifically interested in the implementation in C/C++, but I do not think this type of thing will be language dependent; I suspect it shall be platform specific.

Upvotes: 1

Views: 243

Answers (3)

Josh Kelley

Reputation: 58342

The security issue which you alluded to with system is that system uses the system's shell to execute the program and parse its arguments, and if you're not careful, the shell can do things you don't want. (For example, "ls " + argument seems innocuous, but it can delete data if argument is "; rm -rf /*").

If you control the arguments, or if you're careful to escape any shell metacharacters in your parameters to system, you should be okay, although it's most reliable to avoid it.

To avoid the security issue, use a method of spawning a program that lets you specify a list of arguments, already parsed, instead of specifying a string that has to be parsed to extract arguments:

These don't exactly match system()'s behavior (system, for example, does a bit with signal handling and return values), but they're close.

Upvotes: 2

Kats

Reputation: 143

You've likely already seen its mention, but fork() and exec are typically the choices to go with in Linux programming, but for Windows, you'd have to use the OS API to create a new process. system() is still a good choice for smaller projects because they typically don't run into the same malicious problems that big-name software can. It also natively waits for the child application to return before continuing on in the parent program, which can be a nice trait if you're using an external binary to run calculations or something else and you'll be getting the return value.

A lot of people will tell you that using system() is wrong, but it's really not. It's frowned upon in the professional market because of its inherent problems, but otherwise it works.

Upvotes: 1

Mike DeSimone

Reputation: 42795

You might be looking for the standard POSIX functions fork and exec*. This works for Unix-like platforms (Linux and Mac).

On Windows, there's the CreateProcess API.

fork and exec are a little odd, because fork duplicates your current process entirely and returns different results to each copy. The new copy of the program should then set up any needed settings (closing files that shouldn't be open in both programs, changing environment variables, etc.) and finally call one of the exec functions, which replaces that process with the specified program (while maintaining the currently open file descriptors and such).

Upvotes: 2
