Add long comment about security problem on Windows platform

Signed-off-by: Martin Sustrik <sustrik@250bpm.com>
author: Martin Sustrik <sustrik@250bpm.com> 2012-03-22 14:14:29 +0100
committer: Martin Sustrik <sustrik@250bpm.com> 2012-03-23 08:06:32 +0100
commit: 318d0cd2091b7937781ac09734be5766eb86fee2 (patch)
tree: a2f9edb10dcf5f28d100f7affaf4c668cc14db24
parent: 84997053d4d170de80a2ac1ed5a742b75f5064ee (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/signaler.cpp b/src/signaler.cpp
index 86a5763..2ba6285 100644
--- a/src/signaler.cpp
+++ b/src/signaler.cpp
@@ -234,6 +234,17 @@ int xs::signaler_t::make_fdpair (fd_t *r_, fd_t *w_)
 
 #elif defined XS_HAVE_WINDOWS
 
+    //  On Windows we are using TCP sockets for in-process communication.
+    //  That is a security hole -- other processes on the same box may connect
+    //  to the bound TCP port and hook into internal signal processing of
+    //  the library. To solve this problem we should use a proper in-process
+    //  signaling mechanism such as private semaphore. However, on Windows,
+    //  these cannot be polled on using select(). Other functions that allow
+    //  polling on these objects (e.g. WaitForMulitpleObjects) don't allow
+    //  to poll on sockets. Thus, the only way to fix the problem is to
+    //  implement IOCP polling mechanism that allows to poll on both sockets
+    //  and in-process synchronisation objects.
+
     //  This function has to be in a system-wide critical section so that
     //  two instances of the library don't accidentally create signaler
     //  crossing the process boundary.
author	Martin Sustrik <sustrik@250bpm.com>	2012-03-22 14:14:29 +0100
committer	Martin Sustrik <sustrik@250bpm.com>	2012-03-23 08:06:32 +0100
commit	318d0cd2091b7937781ac09734be5766eb86fee2 (patch)
tree	a2f9edb10dcf5f28d100f7affaf4c668cc14db24
parent	84997053d4d170de80a2ac1ed5a742b75f5064ee (diff)