Resource managers and vulnerabilities

Updated: October 26, 2022

A QNX Neutrino resource manager is a user-space process that accepts messages from other processes and performs actions on their behalf. Because resource managers are available to all processes (even processes running as other users or groups), they are an attractive target for attacks.

About resource managers

The resource manager registers a pathname prefix in the filesystem namespace that other processes use to contact it. Messages can also be sent directly over QNX Neutrino channels without using the pathname. A common use of a resource manager is to present a device node (e.g., /dev/serial) to communicate with hardware. These user-space processes implement functionality that a kernel-space device driver provides on other operating systems. A resource manager can support any function that is based on a file descriptor as well as other forms of interprocess communication (IPC).

Generally speaking, a resource manager is one of the following two types:

QNX recommends that you read the “Resource Managers” chapter in Getting Started with QNX Neutrino for a complete description of a resource manager and how to create one.

Vulnerabilities

The channels that resource managers listen on are exposed to all processes running on a QNX system (unless security policies are used). You cannot rely on the permissions of the directory the resource manager listens in to restrict access (e.g., the permissions on the /dev directory do not limit access to the /dev/serial resource manager). Most vulnerabilities in resource managers belong to one of the following two categories:

  • improper length checking leading to buffer overflows
  • improper permission checking

Structures

Before you read the detailed guidance in this document, it may be helpful to review the reference information for the following structures. These are the key structures that you use to manage clients connected to a resource manager: