Sending the FD over D-bus
William Kennington
wak at google.com
Thu Apr 11 18:11:04 AEST 2019
Yes, this is what is being said. d-bus supports this and is based on
http://man7.org/linux/man-pages/man3/cmsg.3.html type of fd passing.
It's not actually the same fd number for both processes, but the
backing resource for the fd is the same.
On Thu, Apr 11, 2019 at 12:52 AM vishwa <vishwa at linux.vnet.ibm.com> wrote:
>
> Unless I am missing something fundamental, are we saying this ?
>
> Process-1:
>
> fd = open(foo);
>
> send(fd) to another process over D-Bus.
>
> -------------------------------
>
> Process-2:
>
> read the "fd" from D-Bus
>
> read(fd,..)
>
> The process-2 would not even have entries in file desc table to map fd.
> So it would return EBADF. If the read succeeds, then it would be a read
> from a locally opened file that returned the same fd number part of open();
>
> !! Vishwa !!
>
> On 4/10/19 3:47 AM, Ratan Gupta wrote:
> > Hi All,
> >
> > As Discussed in yesterday community call, I did some POC to send the
> > unix FD object over the D-Bus.
> >
> > BackGround: We are exploring the possibilities how to send the secrets
> > from one process to other process,
> >
> > a) If the IPC is D-bus
> >
> > b) Calling process doesn't have the root permission to write the
> > secrets in the configuration file.
> >
> > One of the proposal came, Can the calling process send the unix fd
> > over the D-Bus instead of sending the actual password
> >
> > and receiving process reads the data from the sent fd.?
> >
> > There was a confusion if some other app can snoop the D-bus message
> > and get the FD and read it.I tried to simulate the same
> >
> > behavior in the POC but not sure whether it is correct or not.
> >
> > This POC has two files which is attached with this mail.
> >
> > Dbus-Service(dbus-service-fd-test.py): Method(readFD) which takes the
> > unix fd as parameter reads it and send the data back
> >
> > Dbus-Client(dbus-client-fd-test.py): Writes dummy data in the file,
> > then opens the file and send the fd over D-bus.
> >
> >
> > After sending the data over D-bus , I introduced a sleep of 15 sec so
> > that I can try to open the same fd from other
> >
> > process,I open the python shell and try to open the shared FD but
> > couldn't open it.
> >
> > Ratan
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
More information about the openbmc
mailing list