I run a process thanks to the Boost library with this code using the boost::process::child class. My program works well. I am launching a process done by someone else, and I only need to send things on its stdin, and read its stdout. But I consider I cannot trust the child process owner, so I would like the process to be able to communicate with my main process with standard input/output, but I would like to prevent him from creating files, starting other processes (running command in terminal), or making other unsafe things.
I saw some ways to achieve that, but they use other APIs, and I cannot apply that to my boost process. I want my program to be cross-platform (Windows + Linux).
So, is there any way to achieve that, thanks to the boost library, or with other libraries (but which would be appropriate using the child class from the boost::process library) ?
EDIT: I would like my program to be easily given to a "ordinary" person. So I cannot use a solution which would imply the user to install other things than my executable (and possibly some libraries/data in a folder)
Related
Its been a while since I've had to do this and in the past I've used "spawn" to create processes.
Now I want to launch processes from my application asynchronously so my application continues to execute in the background and does not get held up by launching the process.
I also want to be able to communicate with the launched processes. When I launch the process I will send it the launchers process id so that the launched process can communicate with the launcher using it's pid.
What is the best method to use that is not specific to any platform / operating system, I'm looking for a solution that is multi-platform?
I'm writing this in C++, I don't want a solution that ties me to any third party licensed product.
I don't want to use threads, the solution must be for creating new processes.
A portable to launch a new process is std::system.
#include <cstdlib>
int main() {
std::system("./myapp");
return 0;
}
if you use linux and you want to share handles/memory between processes, fork is what you are looking for
Try Boost.Process.
Boost.Process provides a flexible framework for the C++ programming language to manage running programs, also known as processes. It empowers C++ developers to do what Java developers can do with java.lang.Runtime/java.lang.Process and .NET developers can do with System.Diagnostics.Process. Among other functionality, this includes the ability to manage the execution context of the currently running process, the ability to spawn new child processes, and a way to communicate with them them using standard C++ streams and asynchronous I/O.
The library is designed in a way to transparently abstract all process management details to the user, allowing for painless development of cross-platform applications. However, as such abstractions often restrict what the developer can do, the framework allows direct access to operating system specific functionality - obviously losing the portability features of the library.
Example code to run and wait to finish for child process from the site:
bp::child c(bp::search_path("g++"), "main.cpp");
while (c.running())
do_some_stuff();
c.wait(); //wait for the process to exit
int result = c.exit_code();
I'll plug my own little (single header) library:
PStreams allows you to run another program from your C++ application and to transfer data between the two programs similar to shell pipelines.
In the simplest case, a PStreams class is like a C++ wrapper for the POSIX.2 functions popen(3) and pclose(3), using C++ iostreams instead of C's stdio library.
The library provides class templates in the style of the standard iostreams that can be used with any ISO C++ compiler on a POSIX platform. The classes use a streambuf class that uses fork(2) and the exec(2) family of functions to create a new process and creates up to three pipes to write/read data to/from the process.
I will sketch the scenario I would like to get working below.
I have one main application.
That application, based on user interactions, can load other applications inside a secure environment/shell. This means these child applications cannot interact with the OS anymore, nor with each other.
The parent program can at any time call functions of these child programs.
The child program can at any time call functions of these parent programs.
Does anyone know how to implement this in C++? Preferably both parent and child should be written in C++.
The performance of loading the child applications inside the parent application doesn't matter. The only thing that matters is the performance of the communication between child and parent when calling functions of each other.
You will have to write your own compiler.
Consider: No normal OS supports what you want. You want both executables to run inside a single process, yet that process may or may not make OS calls depending on some weirdness inside the process which the OS doesn't understand at all.
This is no longer a problem with your custom compiler, as it simply will not create the offending instructions. It's similar to Java and .Net, which also prevent such OS calls outside their control.
A portable solution: Google Native Client
One possible Linux solution:
Make AppArmor profile with "hats" (a "hat" is a sandboxing configuration to which the application can switch programmatically with libapparmor),
have the main application create a "pipe",
have the main application "fork",
change into a "hat" corresponding to the child application,
"exec" the child application,
the main application and the child application communicate via the "pipe" created earlier.
If you want a (semi)crossplatform way to do this you can use RPC to call functions in another process. It's going to work on anything that supports the distributed computing environment. It's been around for some time and the msdn documentation states that parts of windows use it for inter process communication so it's probably fast enough. Here's a tutorial on msdn that should get you up and running http://msdn.microsoft.com/en-us/library/windows/desktop/aa379010.aspx The bad part is that I haven't been able to find a tutorial about using it on linux.
If you don't want to use RPC or find it too hard to find good documentation on the subject, you can use the standard IPC(Inter Process Communication) mechanisms from unix systems to signal your process that should call a certain function. I'd recommend a message queue because it's very fast and lightweight. You can find a tutorial here: http://www.cs.cf.ac.uk/Dave/C/node25.html
I am not familiar with OS restrictions in above answers. However, I found an easy way to solve this problem. I hope it helps and does not have a technical issue. I used Linux OS. Suppose I want to call C++ program B inside another C++ program A. I wrote a perl script (such as PerlScript.pl) that contains a system call to run program B. Then in A, I did a system call like system("perl PerlScript.pl") that ask perl to run B for me.
I am thinking of writing a server application - along the lines of mySQL or Apache.
The main requirements are:
Clients will communicate with the server via TCP/IP (sockets)
The server will spawn a new child process to handle requests (ala Apache)
Ideally, I would like to use the BOOST libraries rather than attempt to reinvent my own. There must be code somewhere that does most of what I am trying to do - so I can use it (or atleast part of it as my starting point) can anyone point me to a useful link?
In the (hopefully unlikely) event that there is no code I can use as a starting point, can someone point out the most appropriate BOOST libraries to use - and a general guideline on how to proceeed.
My main worry is how to know when one of the children has crashed. AFAIK, there are two ways of doing this:
Using heartbeats between the parent and children (this quickly becomes messy, and introduces more things that could go wrong)
Somehow wrap the spawning of the process with a timeout parameter - but this is a dumb approach, because if a child is carrying out time intensive work, the parent may incorrectly think that the child has died
What is the best practises of making the parent aware that a child has died?
[Edit]
BTW, I am developing/running/deploying on Linux
On what platform (Windows/Linux/both)? Processes on Windows are considered more heavy-weight than on Linux, so you may indeed consider threads.
Also, I think it is better (like Apache does) not to spawn a process for each request but to have a process pool, so you save the cost of creating a process, especially on Windows.
If you are on Linux, can waitpid() be useful for you? You can use it in the non-blocking mode to check recurrently with some interval whether one of the child processes terminated
I can say for sure that Pion is your only stable option.
I have never used it but I intend to, and the API looks very clean.
As for the Boost libraries you would need:
Boost.Asio
Boost.Threading
Boost.Spirit (or something similar to parse the HTTP protocol)
Boost.IPC
What about using threads (which are supported by Boost) rather than forking the process? This would allow you to make queries about the state of a child and, imho, threads are simpler to handle than forking.
Generally Boost.Asio is good point to begin with.
But several points to be aware of:
Boost.Asio is very good library but it is not very fork aware, so don't try to share Asio
event loop between several fork processes - this would not work (i.e. - if boost::asio::io_service was created before fork - don't use it in more then one process after it)
Also it does not allow you to release file handler from boost::asio::XX::socket
so only way is to call dup and then pass it to child process.
But to be honest? I don't think you'll find any network event loop library that is
fork aware (maybe with exception of CppCMS's booster.aio that I had written
to be fork aware by myself).
Waiting for children is quite simple you can define a signal handler with sigaction
on SIGCHLD signal that is send then child crashes or exits.
So all you need to do is handle this signal and in main loop call waitpid when such
signal received.
With asio you can use "self-pipe" trick to wake the loop from sleep from signal handler.
First, take a look at CPPCMS. It might already fit your needs.
Now, as pointed by others, boost::asio is a good starting point but is really the basics of the task.
Maybe you'll be more interested in the works being done about server-code based on boost::asio : cpp-netlib (that is made to be submitted in boost once done) The author's blog.
I've made an FOSS library for creating C++ applications in a modular way. It's hosted at
https://github.com/chilabot/chila
here's my blog: http://chilatools.blogspot.com/view/sidebar
It's specially suited for generic server creation (that was my motivation for constructing it), but I think it can be used for any kind of application.
The part that has to be deployed with the final binary is LGPL, so it can be used with commercial applications.
I have a C++ program that captures videos, and I would like to be able create a command-line program to update its frame rate, image format, etc on the fly.
How can I do this without halting the entire program? I need it to be able to wait for user input, but still capture videos at the same time. I know this will probably involve some kind of multi-threading, which I am entirely new to. Some suggestions/links would be nice.
Than you all,
Are you developing this for a specific platform or does it need to be platform independent?
If you are developing for windows you should look into the win32 API. specifically beginthread or _beginthreadex on msdn
I'm not too familiar with *nix development but pthreads i believe would do the trick and can be used in Windows and *nix
Another option would be to use the BOOST libraries. BOOST can be used on Windows and *nix systems. Below is a link to the BOOST Thread documentation.
http://www.boost.org/doc/libs/1_44_0/doc/html/thread.html
I find BOOST Threads a lot easier to use than WIN32 Threads and at the same time you're not tied down to a specific platforms API.
Create a thread to handle video, whilst using the main thread to wait for input. Thread creation depends on platform, and can be a little overwhelming to those who are new. You will need a mutex on variables that can be altered through the command line, and you'll need to look up of how to make your code "thread safe".
In the days before multi-threading it was possible to solve this as well by regularly peeking into the keyboard buffer from time to time. I mention this just as an alternative to opening the multi-threading box which often gives you more than you bargain for.
EDIT: I read now a bit more carefully what you want to achieve, having a console program to update another program with new settings. I think what you then need is for the programs to communicate with one another. Look at boost::interprocess for that.
I'll looking for advice/resources to write a program that can intercept system calls from a programm to supervise it's filesystem, network, etc access.
The aim of this is to write an online judge, so that untrusted code can be run safely on a server.
This is on linux, and I would prefer to write C++ or a scripting langauge (ruby, python, etc), and a library would be great!
Thanks.
This looks like a good place to start.
http://www.linuxjournal.com/article/6100
You can't safely use ptrace() to sandbox a hostile application.
The application can always use multiple threads with deliberate race conditions to alter syscall arguments passed via pointers (eg. a filename) after you've inspected them but before the kernel looks at them.