How does interprocess communication generate security holes? Examples appreciated.
A:
Feels like homework, but I'll bite anyways.
Any time you have one process talking to another - whether it's via pipes, sockets, shared memory, etc. those processes either need to be coded very defensively or they need to be able to "trust" each other to ensure that the inter-process communications follow the protocol that they both expect.
You always have to consider the possibility that a rouge process could be created that attempts to use whatever IPC mechanism you have in place to crash, corrupt, or gain unauthorized access to whatever data you might be sharing via IPC.
Eric Petroelje
2010-05-24 20:09:51
Thanks for your help
Walidix
2010-05-24 20:20:18