
Inter-process Message Communication Security

IP.com Disclosure Number: IPCOM000108263D
Original Publication Date: 1992-May-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 2 page(s) / 73K

Publishing Venue

IBM

Related People

Chang, DY: AUTHOR [+3]

Abstract

Disclosed is a portable method of authenticating the user identification (uid) of the message senders of a public message queue in the UNIX* System V Message Service.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Inter-process Message Communication Security

       Disclosed is a portable method of authenticating the user
identification (uid) of the message senders of a public message queue
in the UNIX* System V Message Service.

      In a message-based service system, public message queues are
created to allow any process to drop request messages. A public
message queue that is implemented with the UNIX System V Message
Service can be written by any process. However, to fulfill the
security identification and authentication requirement, the processes
that make the requests are required to identify themselves to the
message service before their requests are processed.

      The user identifications (uid) of the applications must be
provided by the operating system in the message header instead of
allowing the applications to provide them in the message text. This
prevents any illegal request from succeeding. Unfortunately, this
feature is not provided by the standard UNIX System V Message
Service. The message header of the message received by the System V
message subroutine, "msgrcv", only contains the message type.

      An extended message with the user identification (uid) of the
sender can be received by another message subroutine, "msgxrcv", on
AIX**. However, "msgxrcv" is only available on AIX. It is not
supported on the other UNIX platforms.

      This article provides a unique feature for the UNIX System V
Message Service to authenticate the message senders of a public
message queue. The sender creates a private queue as the reply queue
and allows the message service to have both read and write access...
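
The text above is cut off before it says how the reply queue is used. The C code below is an added example, not code from the disclosure or from IBM: it assumes the service takes the sender's uid from the creator uid the kernel records for the reply queue (msg_perm.cuid, read with msgctl(IPC_STAT)) rather than from the message text. The names struct request, verify_sender and round_trip are hypothetical, and a single process plays both sender and service.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <unistd.h>

/* Request as it arrives from the public queue: msgrcv() returns only mtype
 * plus bytes chosen by the sender, so claimed_uid is unauthenticated. */
struct request {
    long  mtype;
    uid_t claimed_uid;  /* sender-supplied, may hold any value */
    int   reply_qid;    /* id of the sender's private reply queue */
};

/* Service side (assumed check, not from the disclosure): 1 if the claimed
 * uid equals the kernel-recorded creator of the reply queue, 0 on a
 * mismatch, -1 if the queue cannot be inspected. */
int verify_sender(const struct request *req)
{
    struct msqid_ds ds;
    if (msgctl(req->reply_qid, IPC_STAT, &ds) == -1)
        return -1;
    return ds.msg_perm.cuid == req->claimed_uid;
}

/* Sender creates a reply queue and drops a request into a queue standing in
 * for the public one; the service receives it and verifies the claim. */
int round_trip(uid_t claimed)
{
    struct request out, in;
    int result = -1;
    int pub = msgget(IPC_PRIVATE, IPC_CREAT | 0622); /* world-writable */
    int rep = msgget(IPC_PRIVATE, IPC_CREAT | 0600); /* same uid in this demo */
    if (pub != -1 && rep != -1) {
        out.mtype = 1; out.claimed_uid = claimed; out.reply_qid = rep;
        if (msgsnd(pub, &out, sizeof out - sizeof(long), 0) == 0 &&
            msgrcv(pub, &in, sizeof in - sizeof(long), 0, IPC_NOWAIT) != -1)
            result = verify_sender(&in);
    }
    if (pub != -1) msgctl(pub, IPC_RMID, NULL);
    if (rep != -1) msgctl(rep, IPC_RMID, NULL);
    return result;
}

int main(void)
{
    printf("honest claim: %d\n", round_trip(getuid()));
    printf("forged claim: %d\n", round_trip(getuid() + 1)); /* constructed mismatch */
    return 0;
}
```

This check ties a uid to the reply queue, not to the request itself, so a service using it should treat that uid as the identity that receives the reply and confirm the request over the reply queue before acting on it.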