LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 08-05-2007, 11:06 PM   #16
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Original Poster
Rep: Reputation: Disabled

Yes, I've taken that into account. All shared memory is opened 0600.

The main point of that aspect of security is to preclude targeting of particular processes. All pipes connected to the server are available via /proc, also.

When I mentioned that the supposed detriment caused by not being able to attach to flagged memory segments was actually a useful feature, I meant that once the memory is flagged, nothing else can access it. By flagging it immediately after the client accesses it, nothing further may attach to it, thereby protecting it.

Really the only weakness of the shared memory over using pipes is possible corruption. I've got that covered, also, though. I've designed the flow so that clients can't force exceptions within the server by corrupting shared memory.
ta0kira

PS Here is the entire security policy if you'd like to see. It explains a little more about the server itself.
http://resourcerver.sourceforge.net/security.html

Last edited by ta0kira; 08-06-2007 at 12:30 AM.
 
Old 08-07-2007, 08:03 AM   #17
wjevans_7d1@yahoo.co
Member
 
Registered: Jun 2006
Location: Mariposa
Distribution: Slackware 9.1
Posts: 938

Rep: Reputation: 30
I'll investigate resourcerver at some point. Thanks!
 
Old 08-07-2007, 11:22 AM   #18
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wjevans_7d1@yahoo.co
I'll investigate resourcerver at some point. Thanks!
I look forward to your comments. I'd say I'm within a month of release except I've got quite a bit going on over the next several months, so I can't safely say that.

I'm considering an additional fork for servers which have shared memory enabled. How it would work is the parent process would be the shared memory reaper and the child process would be the server. When the server needed a new segment it would pass a request to the parent (possibly via SIGIO,) which would send a private ID and would give the server a few seconds to attach. It would keep a table of the segments and every 5 seconds or so would check them all and flag all with no attached processes. It wouldn't share the process group of the server to prevent signals from being passed up, and it would nonblocking-waitpid each iteration until server exit. The hardest part will probably be setting it up so the user can enable/disable the extra fork from the command line. But hey, I already have it working with dual-mode pipe/shared-memory within the same server instance! Shouldn't be a problem.
ta0kira
 
  


Reply

Tags
ipc, memory, shared


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Attachments Glennzo LQ Suggestions & Feedback 2 06-19-2007 08:41 AM
Evolution attachments Ronw Suse/Novell 1 06-04-2007 06:32 AM
Cannot send attachments Likosin Linux - Software 3 04-11-2005 07:28 PM
evolution and attachments iamnotherbert Linux - Software 2 12-02-2004 10:46 AM
Sendmail and attachments Satriani Linux - Software 2 04-27-2003 12:09 PM


All times are GMT -5. The time now is 02:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration