<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 11/04/19 1:21 PM, vishwa wrote:<br>
</div>
<blockquote type="cite"
cite="mid:51da69bb-1cfc-fac2-0bad-f0ad5556ffcb@linux.vnet.ibm.com">Unless
I am missing something fundamental, are we saying this?
<br>
<br>
Process-1:
<br>
<br>
fd = open(foo);
<br>
<br>
send(fd) to another process over D-Bus.
<br>
<br>
-------------------------------
<br>
<br>
Process-2:
<br>
<br>
read the "fd" from D-Bus
<br>
<br>
read(fd,..)
<br>
<br>
Process-2 would not even have entries in its file descriptor table to
map fd. So it would return EBADF. If the read succeeds, then it
would be a read from a locally opened file that returned the same
fd number as part of open();
<br>
</blockquote>
<p>Yes, it is true that one process (D-Bus service) can send the FD
to another process (D-Bus service). How this is achieved internally
through the D-Bus implementation, I have not gone through, but the
spec suggests the same.<br>
</p>
<table class="informaltable" border="1">
<tbody>
<tr>
<td><code class="literal">UNIX_FD</code></td>
<td><code class="literal">h</code> (104)</td>
<td>Unsigned 32-bit integer representing an index into an
out-of-band array of file descriptors, transferred via some
platform-specific mechanism (mnemonic: h for handle)</td>
</tr>
</tbody>
</table>
<p>Please also have a look at the POC which I shared. Process 2
doesn't have any open file, yet it still reads the data from the
shared fd.<br>
</p>
<blockquote type="cite"
cite="mid:51da69bb-1cfc-fac2-0bad-f0ad5556ffcb@linux.vnet.ibm.com">
<br>
!! Vishwa !!
<br>
<br>
On 4/10/19 3:47 AM, Ratan Gupta wrote:
<br>
<blockquote type="cite">Hi All,
<br>
<br>
As discussed in yesterday's community call, I did a POC to send
the unix FD object over D-Bus.
<br>
<br>
Background: We are exploring how to send secrets from one process
to another process when
<br>
<br>
a) the IPC is D-Bus
<br>
<br>
b) the calling process doesn't have root permission to write the
secrets in the configuration file.
<br>
<br>
One proposal that came up: can the calling process send the unix
fd over D-Bus instead of sending the actual password, and the
receiving process read the data from the sent fd?
<br>
<br>
There was some confusion about whether some other app can snoop the
D-Bus message, get the FD and read it. I tried to simulate the same
behavior in the POC but I am not sure whether it is correct or not.
<br>
<br>
This POC has two files, which are attached to this mail.
<br>
<br>
D-Bus service (dbus-service-fd-test.py): Method (readFD) which
takes the unix fd as a parameter, reads it and sends the data back.
<br>
<br>
D-Bus client (dbus-client-fd-test.py): Writes dummy data in the
file, then opens the file and sends the fd over D-Bus.
<br>
<br>
<br>
After sending the data over D-Bus, I introduced a sleep of 15
sec so that I could try to open the same fd from another
process. I opened the python shell and tried to open the shared FD
but couldn't open it.
<br>
<br>
Ratan
<br>
<br>
</blockquote>
</blockquote>
Ratan<br>
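<p>Added example, not part of the original mail or the attached POC: on Linux, the "platform-specific mechanism" in the spec row quoted above is SCM_RIGHTS ancillary data on a Unix domain socket. The sketch below passes an fd that way between two processes and reports whether the sender's bare fd number works in the receiver and what the out-of-band descriptor reads; the socketpair standing in for the bus, the helper names and the sample secret are all assumptions made for illustration.</p>

```python
import os
import socket
import struct
import tempfile

SECRET = b"constructed-secret\n"  # constructed sample data, not from the mail

def receiver(sock, report):
    """Process-2: gets the sender's fd number as payload, then the fd itself."""
    (sender_fd,) = struct.unpack("i", sock.recv(4))
    try:
        os.fstat(sender_fd)
        number_usable = True
    except OSError:  # EBADF: that number is not in this process's fd table
        number_usable = False
    # The descriptor arrives out of band, as SCM_RIGHTS ancillary data.
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_LEN(struct.calcsize("i")))
    level, ctype, cdata = ancdata[0]
    assert (level, ctype) == (socket.SOL_SOCKET, socket.SCM_RIGHTS)
    (local_fd,) = struct.unpack("i", cdata[:struct.calcsize("i")])
    os.write(report, bytes([number_usable]) + os.read(local_fd, 64))

def demo():
    """Return (sender's number usable in receiver?, bytes the receiver read)."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            receiver(b, w)
        finally:
            os._exit(0)
    # Process-1: open the file only after fork, so the child never inherited it.
    with tempfile.NamedTemporaryFile() as f:
        f.write(SECRET)
        f.flush()
        fd = os.open(f.name, os.O_RDONLY)
        a.send(struct.pack("i", fd))  # the bare number, as ordinary data
        a.sendmsg([b"h"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                            struct.pack("i", fd))])
        os.close(fd)
        os.close(w)
        out = os.read(r, 128)
        os.waitpid(pid, 0)
    a.close(); b.close(); os.close(r)
    return bool(out[0]), out[1:]

if __name__ == "__main__":
    print(demo())
```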
</body>
</html>