Security of stdio communications
https://stackoverflow.com/questions/2290501
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
In a program I am developing (Linux), I need very simple text-based IPC. It would be very easy to use a standard input/output pipe for this. Can I trust that messages sent to a process' stdin cannot be read by anyone? Also, can I trust that if I kept the pipe to its stdout, only I can read what it outputs? I just want to make sure there's no procfs-based trick that can read from these.
Solution
In my own limited testing (running uniq | sort then trying to snoop on both ends of the pipe via /proc/XXX/fd), it seems that I can't read what gets sent into the pipe, but I can inject data into it.
In other words, do your own testing to see what you can and can't do. :-)
OTHER TIPS
Honestly, I think it depends on how much security you think your application needs. I input my GPG key password on stdin. I always ask the question "what is the acceptable risk?".
That said, nothing will protect your application from a rootkit in kernel-space. It can read not just the std in/out terminals but your entire processes memory as it runs. And probably override a few protections you've got in place.
You might look at using SELinux sandboxing in combination with what you're doing - read more about it at http://danwalsh.livejournal.com/ if you really need that level of protection. libselinux lets you interface with it for checking protection exists etc.
As far as I know, there are no "tricks" and other users cannot read your stdin/stdout. Just remember that:
- Other processes running as the same user can read your process' memory; this is because security protects you from other users.
- A process running as superuser can do everything.
That said, if you are handling sensitive data, have a look at mlock.
There's no tricks, the only one I can think of in relation to detecting if stdout is redirected to elsewhere is to do this like in a simple C function as shown here isredirected, other than that the onus rests with you to ensure the messages are kept secure...The other thing, is using procfs trickery requires root privileges to access certain procfs features...so ensure that you put a check in there to ensure it is not running as root...
int isredirected(void){
if (!isatty(fileno(stdin))) return 1;
return 0;
}
Hope this helps, Best regards, Tom.
