From 318d0cd2091b7937781ac09734be5766eb86fee2 Mon Sep 17 00:00:00 2001
From: Martin Sustrik
Date: Thu, 22 Mar 2012 14:14:29 +0100
Subject: Add long comment about security problem on Windows platform
Signed-off-by: Martin Sustrik
---
 src/signaler.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/signaler.cpp b/src/signaler.cpp
index 86a5763..2ba6285 100644
--- a/src/signaler.cpp
+++ b/src/signaler.cpp
@@ -234,6 +234,17 @@ int xs::signaler_t::make_fdpair (fd_t *r_, fd_t *w_)
 #elif defined XS_HAVE_WINDOWS
+ // On Windows we are using TCP sockets for in-process communication.
+ // That is a security hole -- other processes on the same box may connect
+ // to the bound TCP port and hook into internal signal processing of
+ // the library. To solve this problem we should use a proper in-process
+ // signaling mechanism such as private semaphore. However, on Windows,
+ // these cannot be polled on using select(). Other functions that allow
+ // polling on these objects (e.g. WaitForMulitpleObjects) don't allow
+ // to poll on sockets. Thus, the only way to fix the problem is to
+ // implement IOCP polling mechanism that allows to poll on both sockets
+ // and in-process synchronisation objects.
+
 // This function has to be in a system-wide critical section so that
 // two instances of the library don't accidentally create signaler
 // crossing the process boundary.
-- 
cgit v1.2.3
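Review bot: The added comment misspells the Win32 call as `WaitForMulitpleObjects`; the API is `WaitForMultipleObjects`, so the line should read `// polling on these objects (e.g. WaitForMultipleObjects) don't allow`, otherwise a search for the real name will not find this note. The block also records a known, unfixed exposure but carries no marker that tooling or an audit would pick up; opening it with something like `// TODO(security):` would keep it tracked until the IOCP work is done. It would help to state what narrows the exposure in the meantime: this hunk does not show whether the listening socket is bound to loopback only or whether the accepted connection's peer is checked, so that should be confirmed against the code below and written into the comment. make_fdpair's body starts and continues outside the hunk.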