Trusted Solaris Developer's Guide

Unnamed Pipes

Unnamed pipes form a one-way flow of data between two or more related processes. Because all processes communicating over a pipe share a common ancestor, they all have the same user ID, group ID, and sensitivity label inherited from the ancestor process, unless privileges have been used to change those attributes. No mandatory or discretionary access checks are done when a pipe is opened, and no access checks are done for reads and writes to a pipe.

If a process with an open pipe uses privilege to change its user ID, group ID, or sensitivity label, subsequent communication over the pipe effectively bypasses discretionary and mandatory access controls, so the privileged process must apply its own controls to the communication.
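
One way a process can apply its own controls to a pipe, shown as an added example that is not part of the original guide: it records the effective user and group IDs when the pipe is created and refuses pipe I/O once they differ. The `pipe_guard` type and the `guard_*` functions are hypothetical names, refusing is only one possible policy, and the sensitivity-label comparison is omitted because it needs the Trusted Solaris label interfaces.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Attributes recorded when the pipe is created (hypothetical helper type). */
struct pipe_guard {
    int   fds[2];   /* fds[0] = read end, fds[1] = write end */
    uid_t euid;     /* effective user ID at pipe creation */
    gid_t egid;     /* effective group ID at pipe creation */
};

/* Create the pipe and snapshot the creator's effective IDs. */
int guard_open(struct pipe_guard *g)
{
    if (pipe(g->fds) != 0)
        return -1;
    g->euid = geteuid();
    g->egid = getegid();
    return 0;
}

/* The kernel performs no access check on pipe reads and writes, so the
 * process compares its current IDs with the snapshot itself. */
static int guard_check(const struct pipe_guard *g)
{
    if (geteuid() != g->euid || getegid() != g->egid) {
        errno = EPERM;  /* attributes changed since the pipe was opened */
        return -1;
    }
    return 0;
}

/* Write only while the process still has the attributes it opened with. */
ssize_t guard_write(const struct pipe_guard *g, const void *buf, size_t len)
{
    return guard_check(g) == 0 ? write(g->fds[1], buf, len) : -1;
}

/* Read only while the process still has the attributes it opened with. */
ssize_t guard_read(const struct pipe_guard *g, void *buf, size_t len)
{
    return guard_check(g) == 0 ? read(g->fds[0], buf, len) : -1;
}
```

A child created with fork() inherits a copy of the snapshot together with the descriptors, so the same check applies on both ends of the pipe.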

The sensitivity label of the process writing the data is associated with each byte of data in the pipe. See the appropriate man page for specific information on security policy and applicable privileges.