Sending the FD over D-bus
Ratan Gupta
ratagupt at linux.vnet.ibm.com
Wed Apr 10 05:47:55 AEST 2019
Hi All,
As discussed in yesterday's community call, I did a POC to send the
unix FD object over D-Bus.
Background: We are exploring the possibilities for how to send secrets
from one process to another process,
a) If the IPC is D-Bus
b) Calling process doesn't have root permission to write the secrets
in the configuration file.
One of the proposals that came up: can the calling process send the unix fd
over D-Bus instead of sending the actual password,
with the receiving process reading the data from the sent fd?
There was some confusion about whether some other app can snoop the D-Bus
message, get the FD and read it. I tried to simulate the same
behavior in the POC, but I am not sure whether it is correct or not.
This POC has two files, which are attached to this mail.
Dbus-Service (dbus-service-fd-test.py): Method (readFD) which takes the
unix fd as a parameter, reads it and sends the data back.
Dbus-Client (dbus-client-fd-test.py): Writes dummy data in the file, then
opens the file and sends the fd over D-Bus.
After sending the data over D-Bus, I introduced a sleep of 15 sec so
that I could try to open the same fd from another
process. I opened the python shell and tried to open the shared FD but
couldn't open it.
Ratan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-client-fd-test.py
Type: text/x-python
Size: 993 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190410/57335fdb/attachment.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-service-fd-test.py
Type: text/x-python
Size: 782 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190410/57335fdb/attachment-0001.py>
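
An added example, not taken from the mail or its scrubbed attachments: D-Bus carries UNIX_FD arguments as SCM_RIGHTS ancillary data on its Unix socket, so this example uses a plain `socketpair` in place of the bus to show that the receiver gets its own duplicate descriptor, while an unrelated process that only knows the sender's fd number gets `EBADF`. The function names and the dummy secret are assumptions made for the illustration.

```python
import array
import os
import socket
import subprocess
import sys

SECRET = b"constructed-dummy-secret"  # constructed sample, not a real credential

def send_fd(sock, fd):
    """Sender: kernel duplicates `fd` into the receiver; the payload number grants nothing."""
    rights = array.array("i", [fd])
    sock.sendmsg([str(fd).encode()], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])

def recv_fd(sock):
    """Receiver: returns (sender's fd number, new local descriptor)."""
    size = array.array("i").itemsize
    msg, ancdata, _flags, _addr = sock.recvmsg(64, socket.CMSG_LEN(size))
    level, ctype, cdata = ancdata[0]
    if (level, ctype) != (socket.SOL_SOCKET, socket.SCM_RIGHTS):
        raise RuntimeError("no descriptor in message")
    fds = array.array("i")
    fds.frombytes(cdata[:size])
    return int(msg), fds[0]

def snoop_by_number(fd_number):
    """Unrelated process that only learned the integer tries to read it."""
    code = ("import errno, os, sys\n"
            "try:\n"
            "    os.read(int(sys.argv[1]), 64); print('READ')\n"
            "except OSError as e:\n"
            "    print(errno.errorcode[e.errno])\n")
    out = subprocess.run([sys.executable, "-c", code, str(fd_number)],
                         capture_output=True, text=True)
    return out.stdout.strip()

def demo():
    sender, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    read_end, write_end = os.pipe()
    os.write(write_end, SECRET)
    os.close(write_end)
    send_fd(sender, read_end)
    sender_fd, local_fd = recv_fd(receiver)
    snoop = snoop_by_number(sender_fd)  # sender still holds its fd open here
    with os.fdopen(local_fd, "rb") as f:
        data = f.read()
    os.close(read_end)
    sender.close()
    receiver.close()
    return {"sender_fd": sender_fd, "receiver_fd": local_fd, "data": data, "snoop": snoop}
```
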