Sending the FD over D-bus

Fri Apr 12 03:49:21 AEST 2019

On 11/04/19 1:21 PM, vishwa wrote:
> Unless I am missing something fundamental, are we saying this ?
>
> Process-1:
>
> fd = open(foo);
>
> send(fd) to another process over D-Bus.
>
> -------------------------------
>
> Process-2:
>
> read the "fd" from D-Bus
>
> read(fd,..)
>
> The process-2 would not even have entries in file desc table to map 
> fd. So it would return EBADF. If the read succeeds, then it would be a 
> read from a locally opened file that returned the same fd number part 
> of open();

Yes, it is true that one process(D-Bus service) can send the FD to other 
process(D-Bus service), How this is achieves internally through D-Bus 
implementation, I have not gone through it, But the spec suggest the same.

|UNIX_FD| 	|h| (104) 	Unsigned 32-bit integer representing an index into 
an out-of-band array of file descriptors, transferred via some 
platform-specific mechanism (mnemonic: h for handle)

Please have a look at the poc also, which I shared. Process 2 doesn't 
have any open file, still it reads the data from the shared fd.

>
> !! Vishwa !!
>
> On 4/10/19 3:47 AM, Ratan Gupta wrote:
>> Hi All,
>>
>> As Discussed in yesterday community call, I did some POC to send the 
>> unix FD object over the D-Bus.
>>
>> BackGround: We are exploring the possibilities how to send the 
>> secrets from one process to other process,
>>
>> a) If the IPC is D-bus
>>
>> b) Calling process doesn't have the root permission to write the 
>> secrets in the configuration file.
>>
>> One of the proposal came, Can the calling process  send the unix fd 
>> over the D-Bus instead of sending the actual password
>>
>> and receiving process reads the data from the sent fd.?
>>
>> There was a confusion if some other app can snoop the D-bus message 
>> and get the FD and read it.I tried to simulate the same
>>
>> behavior in the POC but not sure whether it is correct or not.
>>
>> This POC has two files which is attached with this mail.
>>
>> Dbus-Service(dbus-service-fd-test.py):  Method(readFD) which takes 
>> the unix fd as parameter reads it and send the data back
>>
>> Dbus-Client(dbus-client-fd-test.py): Writes dummy data in the file, 
>> then opens the file and send the fd over D-bus.
>>
>>
>> After sending the data over D-bus , I introduced a sleep of 15 sec so 
>> that I can try to open the same fd from other
>>
>> process,I open the python shell and try to open the shared FD but 
>> couldn't open it.
>>
>> Ratan
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
Ratan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190411/0045be69/attachment.htm>