View Full Version : Is NSNotificationCenter a security risk?

Sep 23, 2010, 01:50 PM
I was discussing one of my programs with a friend of mine who works as a security consultant. When I mentioned the NSNotifications and NSNotificationCenter, he said that it sounds like something he could easily exploit. I'm wondering, from the experienced programmers out there, have you seen any exploits using the NSNotificationCenter, or is it more a matter of what's being done in reaction to receiving the notification?

Sep 23, 2010, 03:16 PM
I think you'd have to ask him what he means; Also are you talking about NSNotificationCenter or NSDistributedNotificationCenter?

Sep 23, 2010, 03:30 PM
Ask him to explain how he thinks he can exploit it. Post that explanation. It might be worthwhile for him to read the reference docs for the class first, rather than relying entirely on your informal description.

I've never heard of any exploits that solely involved NSNotificationCenter. That is, an exploit where NSNotificationCenter and only that class was the primary cause of an exploited vulnerability. If there is such an intrinsic vulnerability, I'd be interested in hearing what it is.

NSNotificationCenter is per-process. It's not the same as NSDistributedNotificationCenter, which goes across processes, but is still constrained to notifications on the same machine. And NSDistributedNotificationCenter isn't the same as Distributed Objects. In any case, if an attacker can execute arbitrary code on a target machine, there are a lot simpler avenues than attacking NSNotificationCenter. If the attacker can't execute arbitrary code, then that rules out a lot of potential attacks, regardless of what they might attempt.

It's always possible to write a program that does something foolhardy when it receives a notification. That would be a vulnerability in the recipient's action, though, not in NSNotificationCenter itself. Example: a notification observer deletes any pathname sent to it in the userInfo dictionary, without first ascertaining that the sender is authorized.

Sep 24, 2010, 11:42 AM
The question is a generic one, so asking my friend about the specifics of what he'd do kind of defeats the purpose of the question. I just want to know if the experienced programmers out there have seen any security issues arise from NSNotificationCenter.

Sep 24, 2010, 12:09 PM
No. It's conceptually incredibly simple, and I don't see any way it could be. Your friend is either completely wrong, or you explained NSNotificationCenter incorrectly.

Sep 24, 2010, 03:19 PM
I honestly can't see how it would be a security hole by itself. Of course, bad code can turn almost anything in a security hole, as chown33 posted above.