algorithm · hash · console-application · trust

Trusted application execution


Assume that we have two applications:

MasterApp

SlaveApp

MasterApp is executing SlaveApp with some arguments, e.g.: slaveapp --param1 100 param2 "hello"

You can't see that directly, but somebody may try to inspect the arguments provided to slaveapp and execute it from the console.

I want slaveapp to become executable only by masterapp, so that a user can't run it in console mode (or as a slave of another app). I was thinking about providing some unique_string and md5(unique_string + salt), but if somebody inspects the arguments, they may understand what's going on. Is there some way to do it only by providing some unique, trusted argument that can't be used twice (and there is no resource sharing like files with private/public keys etc.)?


Solution

  • It is basically impossible to avoid replay attacks if your communication channel only goes master -> slave. Signing the request with a timestamp in it could help, but even that isn't perfect (especially if the attacker has some control of the clock).

    The better strategy is to establish a two-way communication between master and slave. I'm not sure what language you're working in, but usually there's a way for the master to talk to the slave after it is forked, other than just the command line.

    Using that channel, you can have the slave generate a random nonce, send that to the master, have the master sign it, send it back to the slave, and check the signature in the slave.
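The challenge-response exchange described in this answer, written out as an added example (not code from the answerer): the slave issues a random nonce, the master answers with a signature over it, and the slave accepts each nonce exactly once. It assumes a secret both binaries hold (`DEMO_KEY`, a constructed value) and HMAC-SHA256 as the signature, with plain function calls standing in for the pipe between the two processes.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: stands in for whatever the slave can verify against
# (an HMAC secret in both binaries, or a master private key / slave public key).
DEMO_KEY = b"demo-shared-secret-not-for-production"


def master_sign(nonce: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Master side: answer the slave's challenge with HMAC-SHA256 over the nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class SlaveVerifier:
    """Slave side: accepts a signature only over a nonce it issued, and only once."""

    def __init__(self, key: bytes = DEMO_KEY):
        self._key = key
        self._pending = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        """Generate a fresh 16-byte nonce and remember it (slave -> master)."""
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, signature: bytes) -> bool:
        """Check the master's answer (master -> slave); a reused nonce is rejected."""
        if nonce not in self._pending:
            return False  # never issued, or already consumed: treat as replay
        self._pending.discard(nonce)  # each nonce is valid exactly once
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)  # constant-time compare


def run_handshake(verifier: SlaveVerifier, key: bytes = DEMO_KEY) -> bool:
    """One complete exchange: slave challenges, master signs, slave verifies."""
    nonce = verifier.challenge()
    signature = master_sign(nonce, key)
    return verifier.verify(nonce, signature)


if __name__ == "__main__":
    v = SlaveVerifier()
    n = v.challenge()
    s = master_sign(n)
    print("first use:", v.verify(n, s))   # True
    print("replayed:", v.verify(n, s))    # False: nonce already consumed
```

Because the nonce never leaves the private channel and is consumed on first use, a captured command line or a replayed signature does not get an attacker past `verify`. The slave still has to hold something the attacker cannot read (here `DEMO_KEY`), which is the part of the problem the asker's "no shared resources" constraint leaves open.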