I need some guidance regarding interprocess communication with Deno
What are good cross-platform (Windows, Linux) options for interprocess communication / data sharing between a Deno runtime running untrusted code, and another process that is trusted (both are running on the same host)? I recognize there are always risks associated with this, and I don't expect to achieve perfect security; I just don't want to take an approach that is absurdly insecure.
Besides security, performance and ease of use are concerns; it would be preferable to not have to create my own protocol, for instance.
7 Replies
GitHub
Deno.listen w/ unix transport on Windows · Issue #18236 · denoland/...
Not sure if this is supposed to work or not, but I'll give it a shot: const listener = Deno.listen({ path: "c:\temp\my.sock", transport: "unix" }); listener.close() error:...
Hey, thank you.
That's interesting; so whenever tokio adds support for UnixStream and UnixListener on Windows, this should allow using Unix transport with Deno to achieve what I'm asking for? Am I understanding correctly that this hasn't happened yet, though, given the issues are still open?
Correct. When that's done, you'll be able to use Unix sockets for IPC on Windows and secure it by making use of file permissions so that only allowed processes can access the socket. That's already possible on Linux, but not on Windows.
If file permissions are not enough for you to secure your IPC, then I think you will have to come up with your own solution on top of that.
Deno.Command()?
Hey Leokuma, thank you again. That might be a nice solution when it's available; I'll have to think about it when it is.
Hey guest271314, I'll take another look at it; I looked at it before, and I think it seemed like there were some issues with it.
IIRC, it seemed like I would need to launch a process for every single read or write I wanted to do?
Also, would the piped file be an actual file on the disk?
Maybe that would work out OK; I'm not sure what ramifications there are with handling things this way.
> IIRC, it seemed like I would need to launch a process for every single read or write I wanted to do?
Not necessarily. You can use libdatachannel to create a peer-to-peer connection, and other approaches.
> Also, would the piped file be an actual file on the disk?
No. You can do that, too.
Hey, thank you for the further information.
Assuming you're referring to https://libdatachannel.org/, I'm not sure I'm following you; that seems to be meant for socket connections, rather than pipes?
Is that meant to be an alternative, or am I missing a way to use it without sockets?
Your suggestion here is pretty interesting to me (I'll post questions related to it in that thread): https://discord.com/channels/684898665143206084/1140442376062640159/1144145370461503579