How to guarantee that that only a specific process reads from a named pipe?

Unix & Linux Asked by caveman on September 28, 2020

Suppose that, at time (1), I create a named pipe using Python with the goal that eventually this Python process would write something to that named pipe. Why? Because, at time (2), there is another process that is expected to read from that named pipe.

So, basically, it’s IPC via named pipes. Why is this neat? Because it looks like a file, so that the other process that can only read files, can be communicated to via this named pipe mechanism as a convenient IPC without needing to rewrite the other process.

But there is a problem: suppose that between time (1) and time (2), an evil process started reading from the named pipe 1st before that intended process. This way, my Python script may end up sending data to an unintended process. So I am not concerned if the hijacker starts writing to the process in my specific risk model (I’m only concerned about the hijacking reading from the pipe before the intended process).

Question: is there any mechanism to ensure no other process but the intended one reads from the IPC other than the intended process?

One Answer

Named pipes have file permissions just like any other file. Make sure that when you crete the pipe, the permissions are set such that only the account meant to run your process can read from it.

Answered by Joseph Sible-Reinstate Monica on September 28, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP