author Martin Sustrik <sustrik@250bpm.com> 2012-03-22 14:14:29 +0100
committer Martin Sustrik <sustrik@250bpm.com> 2012-03-23 08:06:32 +0100
commit 318d0cd2091b7937781ac09734be5766eb86fee2
tree a2f9edb10dcf5f28d100f7affaf4c668cc14db24
parent 84997053d4d170de80a2ac1ed5a742b75f5064ee
Add long comment about security problem on Windows platform
Signed-off-by: Martin Sustrik <sustrik@250bpm.com>
-rw-r--r-- src/signaler.cpp 11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/signaler.cpp b/src/signaler.cpp
index 86a5763..2ba6285 100644
--- a/src/signaler.cpp
+++ b/src/signaler.cpp
@@ -234,6 +234,17 @@ int xs::signaler_t::make_fdpair (fd_t *r_, fd_t *w_)
#elif defined XS_HAVE_WINDOWS
+ // On Windows we are using TCP sockets for in-process communication.
+ // That is a security hole -- other processes on the same box may connect
+ // to the bound TCP port and hook into internal signal processing of
+ // the library. To solve this problem we should use a proper in-process
+ // signaling mechanism such as private semaphore. However, on Windows,
+ // these cannot be polled on using select(). Other functions that allow
+ // polling on these objects (e.g. WaitForMulitpleObjects) don't allow
+ // to poll on sockets. Thus, the only way to fix the problem is to
+ // implement IOCP polling mechanism that allows to poll on both sockets
+ // and in-process synchronisation objects.
+
// This function has to be in a system-wide critical section so that
// two instances of the library don't accidentally create signaler
// crossing the process boundary.
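Review bot: The added comment misspells the Win32 API as "WaitForMulitpleObjects" (it should be WaitForMultipleObjects), which makes the reference hard to grep for later. Because this comment documents a known and still unfixed security hole, tag it with a TODO/FIXME marker or a tracker reference so it can be found and followed up, rather than leaving it as free-form prose. The comment says "other processes on the same box may connect to the bound TCP port", but nothing in the visible lines says which address the port is bound to or what limits the exposure to the local machine; stating that here would let a reader judge the actual reach of the problem. Minor wording: "such as private semaphore" should read "such as a private semaphore".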