[Opendnssec-develop] Again: Sharing PIN through POSIX message queues

Rick van Rein rick at openfortress.nl
Thu Aug 11 08:53:04 UTC 2011


Hey Rickard,

> Nice example!

Thanks :)

> You can get the PID of sending process. But how do you send the
> message back to that PID? So that no one else can steal the message
> from the queue?

Good find :-D but this was a quick prototype to sketch the idea and
to show that it works; I don't know if I was considering that back
then.

The obvious solution would be to use a separate getmsg() on the
receiving end, and pass the global ID for that response mailbox
over to the PIN daemon.  It would then simply send the PIN to the
mailbox owned by an approved process.  Let me know if you'd like
code to go with that; I believe this is a serious contender for a
PIN daemon, better secure practice than what SSH and GPG2 do.


Cheers,
 -Rick
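
The reply-mailbox idea above, as an added example that is not part of the original message or of OpenDNSSEC: the requester creates a private System V queue, and the daemon inspects that queue's owner and mode before putting the PIN into it. The function names, the message layout and the PIN "1234" are constructed for illustration, and the request that carries the queue ID to the daemon is left out.

```c
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <unistd.h>

struct pin_msg { long mtype; char pin[32]; };   /* hypothetical wire format */

/* Requester: private reply queue; mode 0600 keeps other users out. */
int make_reply_queue(int mode) { return msgget(IPC_PRIVATE, IPC_CREAT | IPC_EXCL | mode); }

/* Daemon: send the PIN only into a queue owned by approved_uid with no
 * group/other access. Returns 0 when sent, -1 when refused or on error. */
int send_pin_if_approved(int qid, uid_t approved_uid, const char *pin) {
    struct msqid_ds ds;
    struct pin_msg m = { 1, "" };
    if (msgctl(qid, IPC_STAT, &ds) == -1) return -1;
    /* refuse a wrong owner, or a queue other users could read from */
    if (ds.msg_perm.uid != approved_uid || (ds.msg_perm.mode & 077)) return -1;
    strncpy(m.pin, pin, sizeof m.pin - 1);
    return msgsnd(qid, &m, sizeof m.pin, IPC_NOWAIT);
}

/* Requester: fetch the PIN, then remove the queue. Returns 0 on success. */
int receive_pin(int qid, char out[32]) {
    struct pin_msg m;
    ssize_t n = msgrcv(qid, &m, sizeof m.pin, 1, IPC_NOWAIT);
    msgctl(qid, IPC_RMID, NULL);
    if (n < 0) return -1;
    m.pin[sizeof m.pin - 1] = '\0';
    memcpy(out, m.pin, sizeof m.pin);
    return 0;
}

/* Round trip with a constructed PIN; 0 means the same value came back. */
int demo_roundtrip(void) {
    char got[32] = "";
    int qid = make_reply_queue(0600);
    if (qid == -1) return -1;
    int sent = send_pin_if_approved(qid, getuid(), "1234");
    int rcvd = receive_pin(qid, got);               /* also removes the queue */
    return (sent == 0 && rcvd == 0) ? strcmp(got, "1234") : -1;
}

/* Build a queue with the given mode and ask for delivery on behalf of
 * `approved`; returns 0 when the daemon-side check refused to send. */
int demo_refused(int mode, uid_t approved) {
    int qid = make_reply_queue(mode);
    if (qid == -1) return -1;
    int sent = send_pin_if_approved(qid, approved, "1234");
    msgctl(qid, IPC_RMID, NULL);
    return sent == -1 ? 0 : -1;
}
```

A daemon running under a different user than the requester needs CAP_IPC_OWNER (or root) to stat and write a 0600 queue; that deployment choice is an assumption of this sketch.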


