Sending the FD over D-bus
vishwa
vishwa at linux.vnet.ibm.com
Thu Apr 11 17:51:27 AEST 2019
Unless I am missing something fundamental, are we saying this?
Process-1:
fd = open(foo);
send(fd) to another process over D-Bus.
-------------------------------
Process-2:
read the "fd" from D-Bus
read(fd,..)
Process-2 would not even have entries in its file descriptor table to map fd.
So it would return EBADF. If the read succeeds, then it would be a read
from a locally opened file that returned the same fd number as part of open();
!! Vishwa !!
On 4/10/19 3:47 AM, Ratan Gupta wrote:
> Hi All,
>
> As discussed in yesterday's community call, I did a POC to send the
> unix FD object over D-Bus.
>
> Background: We are exploring the possibilities for how to send secrets
> from one process to another process,
>
> a) If the IPC is D-bus
>
> b) Calling process doesn't have the root permission to write the
> secrets in the configuration file.
>
> One of the proposals that came up: can the calling process send the unix fd
> over D-Bus instead of sending the actual password,
> and the receiving process read the data from the sent fd?
>
> There was confusion about whether some other app can snoop the D-Bus message
> and get the FD and read it. I tried to simulate the same
> behavior in the POC but am not sure whether it is correct or not.
>
> This POC has two files, which are attached to this mail.
>
> Dbus-Service (dbus-service-fd-test.py): Method (readFD) which takes the
> unix fd as a parameter, reads it and sends the data back.
>
> Dbus-Client (dbus-client-fd-test.py): Writes dummy data to the file,
> then opens the file and sends the fd over D-Bus.
>
>
> After sending the data over D-Bus, I introduced a sleep of 15 sec so
> that I could try to open the same fd from another
> process. I opened the Python shell and tried to open the shared FD but
> couldn't open it.
>
> Ratan
>
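The two behaviours discussed in this thread, side by side, as an added example that is not part of either mail or of the attached POC files. D-Bus carries its UNIX_FD type ('h') as SCM_RIGHTS ancillary data on the Unix socket; this sketch assumes Python 3.9+ on Unix, uses a plain socketpair as a stand-in for the bus, and the names receiver and transfer are hypothetical.

```python
import errno
import os
import socket
import tempfile

SECRET = b"constructed-secret"  # constructed sample data, not a real credential

def receiver(sock, as_scm_rights):
    """Receiving process: obtain a descriptor, read it, reply with the result."""
    if as_scm_rights:
        # The kernel installs a new entry in this process's fd table.
        _, fds, _, _ = socket.recv_fds(sock, 16, 1)
        fd = fds[0]
    else:
        # Only a number arrives; it indexes this process's own fd table.
        fd = int(sock.recv(16))
    try:
        reply = os.read(fd, 64)
    except OSError as exc:
        reply = errno.errorcode[exc.errno].encode()
    sock.sendall(reply)

def transfer(as_scm_rights):
    """Fork a receiver, hand it the secret's fd, return what it managed to read."""
    ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        ours.close()
        try:
            receiver(theirs, as_scm_rights)
        finally:
            os._exit(0)
    # Opened after fork(), so the receiver did not inherit this descriptor.
    with tempfile.TemporaryFile() as secret:
        secret.write(SECRET)
        secret.flush()
        secret.seek(0)
        theirs.close()  # parent keeps only its own end of the socketpair
        if as_scm_rights:
            socket.send_fds(ours, [b"fd"], [secret.fileno()])
        else:
            ours.sendall(str(secret.fileno()).encode())
        result = ours.recv(64)
    os.waitpid(pid, 0)
    ours.close()
    return result

if __name__ == "__main__":
    print("bare integer:", transfer(False))
    print("SCM_RIGHTS:  ", transfer(True))
```

A process that only observes the descriptor number gains nothing from it, while the process the kernel delivers the SCM_RIGHTS message to receives a working descriptor that shares the sender's file offset.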
More information about the openbmc mailing list