Sending the FD over D-bus

Ratan Gupta ratagupt at linux.vnet.ibm.com
Wed Apr 10 05:47:55 AEST 2019


Hi All,

As discussed in yesterday's community call, I did some POC to send the unix FD object over the D-Bus.

Background: We are exploring the possibilities for how to send the secrets from one process to another process,

a) If the IPC is D-Bus

b) Calling process doesn't have the root permission to write the secrets in the configuration file.

One of the proposals that came up: can the calling process send the unix fd over the D-Bus instead of sending the actual password, and the receiving process reads the data from the sent fd?

There was some confusion about whether some other app can snoop the D-Bus message, get the FD and read it. I tried to simulate the same behavior in the POC, but I am not sure whether it is correct or not.

This POC has two files, which are attached to this mail.

Dbus-Service (dbus-service-fd-test.py): Method (readFD) which takes the unix fd as a parameter, reads it and sends the data back.

Dbus-Client (dbus-client-fd-test.py): Writes dummy data to the file, then opens the file and sends the fd over D-Bus.


After sending the data over D-Bus, I introduced a sleep of 15 sec so that I can try to open the same fd from another process. I opened the python shell and tried to open the shared FD but couldn't open it.

Ratan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-client-fd-test.py
Type: text/x-python
Size: 993 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190410/57335fdb/attachment.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-service-fd-test.py
Type: text/x-python
Size: 782 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190410/57335fdb/attachment-0001.py>
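
Added example, not part of the original post or its scrubbed attachments: D-Bus carries UNIX_FD (`h`) arguments as SCM_RIGHTS ancillary data on its Unix socket, so this sketch uses a plain socket pair instead of D-Bus to show that the receiver gets a working descriptor while a process that only learns the integer gets EBADF. The function name `demo`, the secret value and the bystander process are constructed for illustration; it assumes Linux and Python 3.9 or later.

```python
import errno
import os
import socket


def demo(secret=b"constructed-sample-secret"):
    """Return (bytes the receiver read, errno name a bystander got)."""
    # Both children are forked before the pipe exists, so neither inherits
    # the descriptor that will carry the secret.
    to_recv, recv_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    to_by, by_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)

    receiver = os.fork()
    if receiver == 0:  # receiver: the kernel installs the descriptor itself
        try:
            _, fds, _, _ = socket.recv_fds(recv_end, 1, 1)
            with os.fdopen(fds[0], "rb") as f:
                recv_end.sendall(f.read())
        finally:
            os._exit(0)

    bystander = os.fork()
    if bystander == 0:  # bystander: learns only the integer value
        try:
            number = int(by_end.recv(16))
            os.read(number, 64)
            by_end.sendall(b"read succeeded")
        except OSError as exc:
            by_end.sendall(errno.errorcode[exc.errno].encode())
        finally:
            os._exit(0)

    r, w = os.pipe()
    os.write(w, secret)
    os.close(w)  # receiver sees EOF after the secret
    socket.send_fds(to_recv, [b"h"], [r])  # SCM_RIGHTS: the descriptor travels
    to_by.sendall(str(r).encode())         # plain payload: only the number travels
    os.close(r)
    got = to_recv.recv(4096)
    err = to_by.recv(64).decode()
    for pid in (receiver, bystander):
        os.waitpid(pid, 0)
    for s in (to_recv, recv_end, to_by, by_end):
        s.close()
    return got, err


if __name__ == "__main__":
    print(demo())
```

A descriptor number is an index into one process's own file table, so the integer alone grants nothing; access follows only the SCM_RIGHTS message, which the kernel delivers to whichever process reads it from the socket.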

