09-09-2008
If you are that worried about security from other processes, you should instead set up a socket for all the processes to communicate through. And if you really want to do it right, each message contains a sequence number and a secret token of some sort. Of course, this won't prevent someone with root from attaching a debugger and reverse-engineering the protocol or finding the secret token.
10 More Discussions You Might Find Interesting
1. Programming
does the way of handling, interrupting signals in HP-UX same as that of solaris. If there is difference than what it is.?:confused: (1 Reply)
Discussion started by: kapilv
1 Replies
2. UNIX for Advanced & Expert Users
Is there a way to monitor certain processes and if they hang too long to kill them, but certain scripts which are expected to take a long time to let them go?
Thank you
Richard (4 Replies)
Discussion started by: ukndoit
4 Replies
3. Solaris
Hi
Is there an easy way to identify and group currently running processes into OS processes and APP processes. Not all applications are installed as packages.
Any free tools or scripts to do this?
Many thanks. (2 Replies)
Discussion started by: wilsonee
2 Replies
4. UNIX for Dummies Questions & Answers
(posted this in the scripting forum as well, but figured it should go here) So, what's going on is this:
For our program, we had to create our own shell, and if the user pressed ctrl-c just at the cmdline, then this signal would be ignored, but if there is a foreground process running, let's... (0 Replies)
Discussion started by: blind melon
0 Replies
5. Programming
How can use signals in a C program If i want a child program to signal it's parent program that it(child) program has completed the task that it was assigned.:confused: (2 Replies)
Discussion started by: kapilv
2 Replies
6. UNIX for Advanced & Expert Users
Hi,
I have a program which invokes child processes and communicates with the processes. When I run the program under gdb and say interrupt, all the child processes are dying. Here I am not interested in debugging the child processes. But I don't want my child processes to be killed as my parent... (2 Replies)
Discussion started by: klnarayana
2 Replies
7. Programming
Hello,
I have two programs: server.c and client.c
I need to send signal from client to server. As far as I know I need to use kill() function. To use kill() function I have to know the pid the second process. How can I send pid from process to process(both are written in separate files).
... (3 Replies)
Discussion started by: fasolens
3 Replies
8. Shell Programming and Scripting
I had issues with processes locking up. This script checks for processes and kills them if they are older than a certain time.
Its uses some functions you'll need to define or remove, like slog() which I use for logging, and is_running() which checks if this script is already running so you can... (0 Replies)
Discussion started by: sukerman
0 Replies
9. UNIX for Dummies Questions & Answers
I know how to add signal to a set. But what if I want to add 2 or 3 signals to the set.
I know I can use sigaddset (&set,SIGBUS)....but what if I want to add SIGBUS and SIGALRM at once. Do i have to do it like this..
sigaddset (&set,SIGBUS);
sigaddset (&set,SIGALRM);
Is there another way to... (0 Replies)
Discussion started by: joker40
0 Replies
10. UNIX for Advanced & Expert Users
Hi All,
The problem statement is as below:
Problem: A process (exe) is getting executed in background. The output of this process is getting logged in a file. After successfully running for some time the process gets terminated. In the log file following is present:
^M[7m Interrupt ^M[27m... (8 Replies)
Discussion started by: Praty.27
8 Replies
LEARN ABOUT DEBIAN
ssss-split
ssss(1) General Commands Manual ssss(1)
NAME
ssss - Split and Combine Secrets using Shamir's Secret Sharing Scheme.
SYNOPSIS
ssss-split -t threshold -n shares [-w token] [-s level] [-x] [-q] [-Q] [-D] [-v]
ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v]
DESCRIPTION
ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and
the reconstruction of a secret using user-provided shares.
COMMANDS
ssss-split: prompt the user for a secret and generate a set of corresponding shares.
ssss-combine: read in a set of shares and reconstruct the secret.
OPTIONS
-t threshold
Specify the number of shares necessary to reconstruct the secret.
-n shares
Specify the number of shares to be generated.
-w token
Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets.
The generated shares are prefixed by these tokens.
-s level
Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter
secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is
0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of
the shares.
-x Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like
block cipher keys.
-q Quiet mode: disable all unnecessary output. Useful in scripts.
-Q Extra quiet mode: like -q, but also suppress warnings.
-D Disable the diffusion layer added in version 0.2. This option is needed when shares are combined that where generated with ssss ver-
sion 0.1.
-v Print version information.
EXAMPLE
In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password,
you simply run the command
ssss-split -t 3 -n 10 -w passwd
To reconstruct the password pass three of the generated shares (in any order) to
ssss-combine -t 3
NOTES
To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret
sharing to just the key. Among others openssl and gpg can do the encryption part:
openssl bf -e < file.plain > file.encrypted
gpg -c < file.plain > file.encrypted
SECURITY
ssss tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid
doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message ssss will run even without obtaining
the desired mlock.
AUTHOR
This software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). Find the newest version of ssss on the project's
homepage: http://point-at-infinity.org/ssss/.
FURTHER READING
http://en.wikipedia.org/wiki/Secret_sharing
Manuals User ssss(1)