[erlang-questions] How to exchange sensitive data with ports?

Elena Garrulo egarrulo@REDACTED
Fri Aug 7 16:47:00 CEST 2009


Practically speaking, if both the Erlang process and the external one
are running into user level (not root), other user level process can't
sniff data. Is that true?

Thanks


2009/8/7 Hynek Vychodil <vychodil.hynek@REDACTED>:
> 1/ Can someone other read pipe? -  Yes, for example when is able trace
> precess at any end of the pipe.
> 2/ Is it security issue? - NO! If some one has those privileges you are
> already doomed. He is already able to do you much more worse. He is able
> patch your process on fly for example and so and so.
>
> On Fri, Aug 7, 2009 at 4:22 PM, Elena Garrulo <egarrulo@REDACTED> wrote:
>>
>> Hello,
>>
>> I'd like to access smart cards from Erlang. Since there is not
>> dedicated module, I'll have to use C for that.
>>
>> In this thread:
>>
>>
>> http://groups.google.com/group/erlang-programming/browse_frm/thread/f27c205eab2e8f95/2ac047fd8840cc2f?lnk=gst&q=ffi#2ac047fd8840cc2f
>>
>> it is recommended that you use ports (that is: external processes) to
>> exchange data with native libraries.
>>
>> However, the whole purpose of using smart cards is accessing sensitive
>> information stored into the card itself. To my limited knowledge,
>> opening a port (pipe) with an external process would allow sniffing.
>> Is that true? If not, what tools  should I use (preferably working
>> both on Linux and Windows)?
>>
>> I apologize if the question is somewhat off-topic.
>>
>> Thanks.
>>
>> ________________________________________________________________
>> erlang-questions mailing list. See http://www.erlang.org/faq.html
>> erlang-questions (at) erlang.org
>>
>
>
>
> --
> --Hynek (Pichi) Vychodil
>
> Analyze your data in minutes. Share your insights instantly. Thrill your
> boss.  Be a data hero!
> Try Good Data now for free: www.gooddata.com
>


More information about the erlang-questions mailing list