[Opendnssec-develop] Sharing PIN through POSIX message queues

Rick van Rein rick at openfortress.nl
Wed Aug 19 07:25:30 UTC 2009


During the phone conversation yesterday I proposed to use IPC for sharing
PIN codes, because it has a special security potential: it can verify
the process ID of the party requesting the PIN.

I made a small test program, which comes attached.  Basically, this is a
PIN server (make start / make stop) with a client query that can be run
as often as you like (make query).  The client prints what getpid()
returns, and the server prints the PID from which the request comes in,
to make it testable.

This functionality is part of the POSIX standard, as far as I can tell.

The code contains a few pointers on making more secure code.  I won't mind
developing that, but first I'd like you to have a look at this.

Don't ask me why SSH doesn't use this; it makes no sense to me to use
a file socket for this sort of thing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: msgqueue-pin.tgz
Type: application/x-gtar
Size: 1810 bytes
Desc: Demonstration code for PIN sharing
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090819/c0e71d36/attachment.gtar>
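
The PID check described in the message, as an added example that is not part of the original post and is not the code from the scrubbed attachment. It assumes the XSI (System V) message queue calls, where `msgctl(IPC_STAT)` reports the last sender in `msg_lspid`; the struct and function names are hypothetical.

```c
/* Added example; not the code from the scrubbed attachment. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/wait.h>

struct pin_request { long mtype; pid_t claimed_pid; };  /* hypothetical layout */

/* Server side: take one request, then ask the kernel who sent it.
 * msg_lspid is the PID of the last msgsnd() on the queue, so it identifies
 * this request only while no other sender is writing to the same queue. */
static int receive_request(int qid, pid_t *claimed, pid_t *kernel_pid)
{
    struct pin_request req;
    struct msqid_ds st;
    if (msgrcv(qid, &req, sizeof req.claimed_pid, 1, IPC_NOWAIT) < 0) return -1;
    if (msgctl(qid, IPC_STAT, &st) < 0) return -1;
    *claimed = req.claimed_pid;      /* what the client says about itself */
    *kernel_pid = st.msg_lspid;      /* what the kernel recorded */
    return 0;
}

/* One client/server round. Returns 1 if the kernel-reported sender is the
 * forked client, 0 if it is not, -1 if the IPC calls fail. */
int pin_exchange_demo(int client_lies, pid_t *claimed)
{
    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);   /* owner-only queue */
    if (qid < 0) return -1;
    pid_t child = fork();
    if (child < 0) { msgctl(qid, IPC_RMID, NULL); return -1; }
    if (child == 0) {                                  /* client process */
        struct pin_request req = { 1, client_lies ? 1 : getpid() };
        _exit(msgsnd(qid, &req, sizeof req.claimed_pid, 0) < 0);
    }
    waitpid(child, NULL, 0);    /* demo only: request is queued before we read */
    pid_t seen = 0;
    int rc = receive_request(qid, claimed, &seen);
    msgctl(qid, IPC_RMID, NULL);                       /* always remove the queue */
    return rc < 0 ? -1 : seen == child;
}

int main(void)
{
    pid_t claimed = 0;
    int ok = pin_exchange_demo(1, &claimed);
    printf("client claimed PID %ld, kernel check %d\n", (long)claimed, ok);
    return ok == 1 ? 0 : 1;
}
```

The server decides on `msg_lspid` and ignores the PID carried in the message body, so a client that misreports itself is still identified by the PID the kernel recorded.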
