Sending the FD over D-bus

Vernon Mauery vernon.mauery at linux.intel.com
Fri Apr 12 06:01:28 AEST 2019


On 11-Apr-2019 11:19 PM, Ratan Gupta wrote:
>
>On 11/04/19 1:21 PM, vishwa wrote:
>>Unless I am missing something fundamental, are we saying this ?
>>
>>Process-1:
>>
>>fd = open(foo);
>>
>>send(fd) to another process over D-Bus.
>>
>>-------------------------------
>>
>>Process-2:
>>
>>read the "fd" from D-Bus
>>
>>read(fd,..)
>>
>>The process-2 would not even have entries in file desc table to map 
>>fd. So it would return EBADF. If the read succeeds, then it would be 
>>a read from a locally opened file that returned the same fd number 
>>part of open();
>
>Yes, it is true that one process (D-Bus service) can send the FD to 
>another process (D-Bus service). How this is achieved internally through 
>the D-Bus implementation, I have not gone through it, but the spec suggests 
>the same.

It is not necessarily the same. This is accomplished using the msghdr 
headers in sendmsg (read sendmsg(2) and cmsg(3) and 
https://keithp.com/blogs/fd-passing/ )

>|UNIX_FD| 	|h| (104) 	Unsigned 32-bit integer representing an index 
>into an out-of-band array of file descriptors, transferred via some 
>platform-specific mechanism (mnemonic: h for handle)
>
>Please have a look at the poc also, which I shared. Process 2 doesn't 
>have any open file, still it reads the data from the shared fd.
>
>>
>>!! Vishwa !!
>>
>>On 4/10/19 3:47 AM, Ratan Gupta wrote:
>>>Hi All,
>>>
>>>As discussed in yesterday's community call, I did a POC to send 
>>>the unix FD object over the D-Bus.
>>>
>>>Background: We are exploring the possibilities for how to send 
>>>secrets from one process to another process,
>>>
>>>a) If the IPC is D-bus
>>>
>>>b) Calling process doesn't have the root permission to write the 
>>>secrets in the configuration file.
>>>
>>>One of the proposals that came up: can the calling process send the unix 
>>>fd over the D-Bus instead of sending the actual password,
>>>
>>>and the receiving process read the data from the sent fd?
>>>
>>>There was some confusion over whether some other app can snoop the D-bus 
>>>message, get the FD and read it. I tried to simulate the same
>>>
>>>behavior in the POC but am not sure whether it is correct or not.
>>>
>>>This POC has two files, which are attached to this mail.
>>>
>>>Dbus-Service (dbus-service-fd-test.py): Method (readFD) which takes 
>>>the unix fd as a parameter, reads it and sends the data back.
>>>
>>>Dbus-Client (dbus-client-fd-test.py): Writes dummy data in the 
>>>file, then opens the file and sends the fd over D-bus.
>>>
>>>
>>>After sending the data over D-bus, I introduced a sleep of 15 sec 
>>>so that I could try to open the same fd from another
>>>
>>>process. I opened the python shell and tried to open the shared FD but 
>>>couldn't open it.
>>>
>>>Ratan
>>>
>Ratan
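
The mechanism referenced in the reply above (sendmsg(2) carrying an SCM_RIGHTS control message), shown as an added example that is not part of the thread or of the attached PoC. The function names and the secret are constructed for illustration; the receiver gets its own descriptor number from the kernel, which may or may not equal the sender's.

```python
import array
import os
import socket
import tempfile


def send_fd(sock, fd):
    """Send one descriptor as SCM_RIGHTS ancillary data (see cmsg(3))."""
    fds = array.array("i", [fd])
    # At least one byte of normal payload must accompany the control message.
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])


def recv_fd(sock):
    """Receive one descriptor; the kernel installs it in this process."""
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no SCM_RIGHTS control message received")


def demo(secret=b"constructed-secret\n"):
    """Return (sender's fd number, receiver's fd number, bytes receiver read)."""
    parent_sock, child_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # receiver process
        parent_sock.close()
        try:
            fd = recv_fd(child_sock)
            child_sock.sendall(b"%d:" % fd + os.read(fd, 4096))
        finally:
            os._exit(0)
    child_sock.close()
    # Opened after fork(), so the receiver holds no inherited copy.
    fd, path = tempfile.mkstemp()
    os.write(fd, secret)
    os.lseek(fd, 0, os.SEEK_SET)  # the file offset is shared with the receiver
    os.unlink(path)               # remove the name; the open descriptor stays valid
    send_fd(parent_sock, fd)
    reply = b""
    while chunk := parent_sock.recv(4096):
        reply += chunk
    os.waitpid(pid, 0)
    os.close(fd)
    parent_sock.close()
    number, _, data = reply.partition(b":")
    return fd, int(number), data
```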

