Sending the FD over D-bus

vishwa vishwa at linux.vnet.ibm.com
Thu Apr 11 17:51:27 AEST 2019


Unless I am missing something fundamental, are we saying this ?

Process-1:

fd = open(foo);

send(fd) to another process over D-Bus.

-------------------------------

Process-2:

read the "fd" from D-Bus

read(fd,..)

The process-2 would not even have entries in file desc table to map fd. 
So it would return EBADF. If the read succeeds, then it would be a read 
from a locally opened file that returned the same fd number part of open();

!! Vishwa !!

On 4/10/19 3:47 AM, Ratan Gupta wrote:
> Hi All,
>
> As Discussed in yesterday community call, I did some POC to send the 
> unix FD object over the D-Bus.
>
> BackGround: We are exploring the possibilities how to send the secrets 
> from one process to other process,
>
> a) If the IPC is D-bus
>
> b) Calling process doesn't have the root permission to write the 
> secrets in the configuration file.
>
> One of the proposal came, Can the calling process  send the unix fd 
> over the D-Bus instead of sending the actual password
>
> and receiving process reads the data from the sent fd.?
>
> There was a confusion if some other app can snoop the D-bus message 
> and get the FD and read it.I tried to simulate the same
>
> behavior in the POC but not sure whether it is correct or not.
>
> This POC has two files which is attached with this mail.
>
> Dbus-Service(dbus-service-fd-test.py):  Method(readFD) which takes the 
> unix fd as parameter reads it and send the data back
>
> Dbus-Client(dbus-client-fd-test.py): Writes dummy data in the file, 
> then opens the file and send the fd over D-bus.
>
>
> After sending the data over D-bus , I introduced a sleep of 15 sec so 
> that I can try to open the same fd from other
>
> process,I open the python shell and try to open the shared FD but 
> couldn't open it.
>
> Ratan
>
>
>
>
>
>
>
>
>
>
>
>



More information about the openbmc mailing list