Why are pipes considered dangerous to use? What can be done to avoid these security issues?
I’m mostly interested in Windows, but if you have other OS information, please provide.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Why are pipes considered dangerous to use? What can be done to avoid these security issues?
I’m mostly interested in Windows, but if you have other OS information, please provide.
(assuming you’re talking about Unix named pipes from the mention of ‘c’ and ‘IPC’. Windows named pipes work somewhat differently)
Anyone with permissions can write to a named pipe, so you have to be careful with permissions and locking (see flock()). If an application trusts the input it’s getting from the named pipe (which will usually be the case unless you explicitly build input validation into it) then a malicious user can write any desired data into the named pipe if they have permission.
Also, any user with permissions can read from the pipe and intercept data coming out of it if you have not exclusively locked it. The data is then missing from the input stream that the reader is expecting.