IPC methods for local processes with multiple separate groups

Tags: c++, ipc

I’m new to IPC and I’m trying to implement a secure IPC method (not related to encryption).

I’m developing a system in C++ using Visual Studio 2010 (but it will be ported to other platforms: Linux/MacOS/FreeBSD). This system has a process “A” that needs to receive and send XML to another process “B” on the same computer, but there will be around 14 processes like “B” (B1, B2, ..., B14) that need to send/receive XML to the process “A”.

The process “A” will act as a proxy/bridge between every process “B”: all data/XML that a process “B” must send will be sent to the process “A”, and only the process “A” will send data/XML to the processes “B”.

I’m looking for an IPC method to exchange this data between the process “A” and “B1…B14”. Shared memory sounds good for this, but any process can write/read to the address, so this isn’t secure (I know that it is possible to set access permissions).

I’m trying to find an IPC method that:

  1. It must be a local-only method; I need to avoid remote connections.

  2. For security reasons, when a process opens a “channel for communication” to send/receive the data, other processes can’t use the same “channel” (unlike shared memory or a Boost Message Queue, where it is possible to write on this channel, or a NamedPipe, where it is possible to open another instance with the given name); I want to avoid fake/malicious processes. TCP sounds good for this, because it isn’t possible for two processes to listen on the same port (but it isn't local only).

  3. The process “A” will be a service, and some processes “B” will run as services too, while other processes “B” will run as an unprivileged user, so this must not be an administrator-only feature.

  4. This project will be closed-source, so I can’t use code/libraries based on the GPL license.

  5. If possible, cross-platform (Windows/Linux/MacOS/FreeBSD).

Can someone suggest a suitable IPC technique, either built into the OS or requiring a third-party library?

user2538743 asked May 02 '26 09:05


1 Answer

Short answer:

  • Windows Pipes for Win32.
  • Anonymous local sockets for Linux (and family).

Long answer:

On the Windows platform there are the following commonly used alternatives:

  • Memory mapped files
  • Named Pipes
  • Network sockets (mostly IP)

The unfortunate fact is that none of the above is local-only by nature. Files are shared by storage access, pipes are available due to common RPC/LPC routing, and IP is subject to routing/forwarding configuration (even when using loopback).

I personally recommend using pipes on Win32. They act more or less like local sockets on Linux (with some differences, though).

On the Linux platform:

  • Shared memory
  • Pipes
  • Local sockets (including anonymous ones).

Pipes and local sockets are secure, and in different scenarios each of them has its own benefits. As you have a multiple client/single server scenario, I would favor local (AF_LOCAL) socket programming. You can either use named sockets (with file-based access control) or anonymous ones. Both options are pretty secure (unless an attacker gains local access).

Links

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365780(v=vs.85).aspx
http://manpages.ubuntu.com/manpages/lucid/man7/unix.7.html

Valeri Atamaniouk answered May 05 '26 01:05
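As an added illustration of the answer's Linux suggestion (example code written for this page, not code from the question or the answer): a minimal AF_LOCAL server/client pair in which process "A" creates its named socket node with owner-only permissions (the file-based access control the answer mentions) and, after accept(), asks the kernel for the connecting peer's uid via SO_PEERCRED before trusting it. The socket path is a constructed placeholder, and SO_PEERCRED is Linux-specific; the Win32 pipe side is not covered here.

```cpp
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstring>
#include <string>

// Fill a sockaddr_un for `path`; false if the path does not fit in sun_path.
static bool make_addr(const std::string& path, sockaddr_un& addr) {
    std::memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_LOCAL;
    if (path.size() >= sizeof(addr.sun_path)) return false;
    std::memcpy(addr.sun_path, path.c_str(), path.size());
    return true;
}

// Process "A": create the listening node as srwx------ so that only the owning
// user can connect to it (access control on the socket node itself).
int listen_local(const std::string& path) {
    sockaddr_un addr;
    if (!make_addr(path, addr)) return -1;
    int fd = socket(AF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    unlink(path.c_str());        // drop a stale node left by a previous run
    mode_t old = umask(0077);    // bind() creates the node with owner-only bits
    int rc = bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr));
    umask(old);
    if (rc < 0 || listen(fd, 16) < 0) { close(fd); return -1; }
    return fd;
}

// Process "B": connect to A's node; connect() fails (EACCES) for other users.
int connect_local(const std::string& path) {
    sockaddr_un addr;
    if (!make_addr(path, addr)) return -1;
    int fd = socket(AF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) < 0) { close(fd); return -1; }
    return fd;
}

// A's second check after accept(): the kernel reports the peer's uid (Linux
// SO_PEERCRED); a client cannot forge it. Returns -1 if unavailable.
int peer_uid(int conn_fd) {
    ucred cred{};
    socklen_t len = sizeof(cred);
    if (getsockopt(conn_fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) return -1;
    return static_cast<int>(cred.uid);
}
```

In a real deployment the node belongs in a directory only "A" and its intended clients can traverse, not in a world-writable /tmp, and "A" would compare peer_uid() against the uids it expects for B1…B14 rather than only its own.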


