Hello! (mostly Cindy, Simon, and Antranig) I've been doing some more thinking about a secure IPC for Windows, and I've now got a solution I'm currently happy with.
A more meaty write-up is in GPII-2399 but here's a summary: - Named pipes (a normal implementation) had problems verifying the client (mostly due to a malicious process having the same access rights as GPII). - TCP Sockets allowed the PID of the client to be checked (via the TCP table) but became tricky when the child-child-process was connecting. - Anonymous pipes where problematic to implement in node. New solution: Create a named pipe (using node) and connect to it in the same process (no need to validate the client), and pass the client-end handle (like a "file descriptor", but for win32). Child process just uses a pre-made file descriptor. Combines the convenience of named pipes where the IO is performed by node, with the "file handle inheriting" method of anonymous pipes. The PoC code is brittle but convincing. Thanks, Steve Grundell
_______________________________________________ Architecture mailing list [email protected] http://lists.gpii.net/mailman/listinfo/architecture
