1

I have a need to do a lot of random-access reads in a large file so I use mmap(). This solution seems to be perfect as long as the mapped file is untouched. But this is not always the case. If the mapped file is tampered with, several problems arise:

  • If a change to a file reduces its length or the file becomes inaccessible then a process in order to live must handle SIGBUS signal (at least, in Linux implementation). This adds additional complications since I'm writing a library.

  • To make things even worse, mmap() manpage says it is unspecified if changes to the original file are propagated to the memory. So they can very well be propagated. This essentially means the contents of the file I work with can become white noise at any moment.

Does all of this mean that any program that maps a freely accessible file and does not handle these problems can be brought down by a DoS attack? Even while I do not expect evil hackers to go after my program, I can easily see a user modifying my mapped file, replacing it with another one or making the file inaccessible by, for example, removing a USB drive. And while I can write a signal handler (and this is a bit messy, so I am looking for a better solution) to solve the first problem, I have no idea how to solve the second one.

The file can not be copied and can be freely moved around if it's not used by a program (just like any other media file). Linux file locks do not always work.

So, how to safely use mmap() for reading?

qirlib
  • 23
  • 5
  • 1
    Don't try to protect the user from themselves. If a user has been granted equivalent or greater access (including hardware access) than your software, then you don't have the right to tell them not to do things. For everything else, simply `chmod 600` to prevent anyone from modifying your file. – that other guy Oct 04 '18 at 22:51

0 Answers0