Reply to Re: Security of Unix Pipes (with Application Details) — PHP Programming Language

Posted by David T. Ashley on 05/01/07 18:19

"Rainer Weikusat" <rweikusat@mssgmbh.com> wrote in message
news:87tzuwxypg.fsf@fever.mssgmbh.com...
> "David T. Ashley" <dta@e3ft.com> writes:
>
> [...]
>
>> However, I was thinking that I could use the PHP proc_open() function:
>>
>> http://us.php.net/manual/en/function.proc-open.php
>>
>> to pass the information to the compiled C program's stdin and get
>> information back from stdout securely (without others being able to
>> eavesdrop).
>
> You could try something simple, like writing the key to a file only
> readable by someone with the 'correct' UID and pass the name of the
> file to the program via commandline argument.

Yeah, this may be simplest of all. Now that everyone has shattered my
vision of pipes as secure, this is possible also. If you have a UID/GID
adequate to read the file, then you have a UID/GID adequate to eavesdrop on
pipes as well.

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация