How to exchange a number between two processes securely


Here is the sample code for myapp1 and myapp2:

myapp1 code:

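#include <stdio.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    int secret = 123;
    char buffer[20];
    snprintf(buffer, sizeof buffer, "%d", secret);

    /* Named child_argv so it does not redeclare main()'s argv parameter. */
    char *child_argv[] = { "/bin/myapp2", buffer, 0 };
    char *envp[] =
    {
        "HOME=/",
        "PATH=/bin:/usr/bin",
        0
    };

    /* execve() replaces this process and returns only on failure (-1). */
    int retval = execve(child_argv[0], child_argv, envp);
    printf("return value is: %d\n", retval);

    return 0;
}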

myapp2 code:

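#include <stdlib.h>

void some_process(int val);   /* defined elsewhere */

int main(int argc, char *argv[])
{
    if (argc < 2)
        return 1;   /* no number was passed */

    int val = atoi(argv[1]);
    some_process(val);

    return val;
}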

As you can see, I am calling an application, myapp2, from myapp1 using execve(). I send a secret number to myapp2 in its arguments. myapp2 does some processing on it and returns the same secret number to the calling program. Now, my problem is that I want this secret number to be secret from the outside world. The secret number can easily be hacked using the ps command. What I want is to be sure that the myapp2 being called is the original one. If someone replaces it with a myappfake, which also returns the same secret number, how do I know I am being fooled?

Basically, I want to make sure that the myapp2 from which I am getting a response is the genuine one.


There are 1 answers

Jens On

I would point you in the direction of RPC - remote procedure call(s).
This is an old protocol, but it is used by some modern OSes like Linux or Windows.
This protocol can be used over a network, so you are not limited to the local station.
And since Linux and Windows support local (serverless) environments, it is not a problem to test or extend the protocol (also, it is not limited in the number of calls you can make).
You can encrypt or decrypt all data on each side (application point). RPC is an old protocol, so you have to do your own security. And you can code your RPC applications on different platforms, because the RPC protocol does not depend on any platform (in its native form). But you must store two copies of the function calls (server/client). If you are clever, you can keep extending your RPC package's functions without concern about the protocol. It is always the same. So you are very flexible if you want to extend your application.