Tutorial: Security of stdio communications



Question:

In a program I am developing (Linux), I need very simple text-based IPC. It would be very easy to use a standard input/output pipe for this. Can I trust that messages sent to a process' stdin cannot be read by anyone? Also, can I trust that if I kept the pipe to its stdout, only I can read what it outputs? I just want to make sure there's no procfs-based trick that can read from these.


Solution:1

In my own limited testing (running uniq | sort then trying to snoop on both ends of the pipe via /proc/XXX/fd), it seems that I can't read what gets sent into the pipe, but I can inject data into it.

In other words, do your own testing to see what you can and can't do. :-)


Solution:2

Honestly, I think it depends on how much security you think your application needs. I input my GPG key password on stdin. I always ask the question "what is the acceptable risk?".

That said, nothing will protect your application from a rootkit in kernel-space. It can read not just the stdin/stdout terminals but your entire process's memory as it runs, and probably override a few protections you've got in place.

You might look at using SELinux sandboxing in combination with what you're doing - read more about it at http://danwalsh.livejournal.com/ if you really need that level of protection. libselinux lets you interface with it for checking protection exists etc.


Solution:3

As far as I know, there are no "tricks" and other users cannot read your stdin/stdout. Just remember that:

  • Other processes running as the same user can read your process' memory; this is because security protects you from other users.
  • A process running as superuser can do everything.

That said, if you are handling sensitive data, have a look at mlock.


Solution:4

There are no tricks. The only one I can think of, in relation to detecting if stdout is redirected elsewhere, is to do it in a simple C function like isredirected, shown here. Other than that, the onus rests with you to ensure the messages are kept secure. The other thing is that using procfs trickery requires root privileges to access certain procfs features, so ensure that you put a check in there to ensure it is not running as root.

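    #include <stdio.h>
    #include <unistd.h>

    /* Returns 1 if stdin is not a terminal (e.g. a pipe or a file), 0 otherwise. */
    int isredirected(void) {
        if (!isatty(fileno(stdin))) return 1;
        return 0;
    }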

Hope this helps, Best regards, Tom.

