This repository was archived by the owner on May 22, 2023. It is now read-only.
Currently, when the server is asked for a service, it opens a socket pair and then passes one file descriptor to the client. This requires that the server has the ability to open arbitrary file descriptors. To further restrict the server's capabilities, the broker should open the socket pair instead and send one file descriptor to the server. Once the server has accepted the connection, the broker sends the other socket to the requesting client.
The only downside is that the broker needs to keep track of pending connection requests.
There's a StackOverflow question on how to prevent processes on Linux from opening arbitrary file descriptors.
Change broker to be the only component opening file descriptors
Restrict components with seccomp
As a convention, pairs of file descriptors are always sent client first, server second to the server. If multiple pairs are sent, this order is kept and they are kept as pairs. The server will answer with a confirm message with one or more client file descriptors or with a reject message without any file descriptor.
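The flow proposed in this thread, as an added example that is not code from this repository: the broker creates the socket pair, the server only receives descriptors and answers with confirm or reject, and the broker relays the client end to the waiting client. The message strings, function names and the FIFO `pending` queue are assumptions made for the sketch; descriptor passing uses `SCM_RIGHTS` through `socket.send_fds`/`socket.recv_fds` (Python 3.9+, Unix only).

```python
import os
import socket
from collections import deque
CONFIRM, REJECT = b"confirm", b"reject"  # assumed message encoding

def broker_request(server_ctl, client_ctl, pending):
    """Broker: the only component that creates descriptors."""
    client_end, server_end = socket.socketpair()
    fds = [client_end.fileno(), server_end.fileno()]  # client first, server second
    with client_end, server_end:  # broker's copies close once the pair is in flight
        socket.send_fds(server_ctl, [b"connect"], fds)
    pending.append(client_ctl)  # remember who is waiting for the answer

def server_handle(ctl, accept):
    """Server: uses received descriptors only, never socket() or open()."""
    _, (client_fd, server_fd), _, _ = socket.recv_fds(ctl, 64, 2)
    if accept:
        socket.send_fds(ctl, [CONFIRM], [client_fd])
    else:
        ctl.send(REJECT)  # reject carries no descriptor
        os.close(server_fd)
    os.close(client_fd)  # the server never keeps the client end
    return socket.socket(fileno=server_fd) if accept else None

def broker_complete(server_ctl, pending):
    msg, fds, _, _ = socket.recv_fds(server_ctl, 64, 1)
    client_ctl = pending.popleft()  # oldest pending request gets the answer
    if msg == CONFIRM and fds:
        socket.send_fds(client_ctl, [CONFIRM], fds)
    else:
        client_ctl.send(REJECT)
    for fd in fds:
        os.close(fd)  # broker keeps no copy of the client end

def client_receive(ctl):
    msg, fds, _, _ = socket.recv_fds(ctl, 64, 1)
    return socket.socket(fileno=fds[0]) if msg == CONFIRM and fds else None

def demo(accept):
    broker_s, server = socket.socketpair()  # broker <-> server control channel
    broker_c, client = socket.socketpair()  # broker <-> client control channel
    pending = deque()
    broker_request(broker_s, broker_c, pending)
    service = server_handle(server, accept)
    broker_complete(broker_s, pending)
    conn = client_receive(client)
    if conn is not None:
        conn.sendall(b"ping")  # data flows over the brokered pair
    return service.recv(4) if service is not None else None
```

Because `server_handle` never creates a descriptor itself, a seccomp filter for the server can leave out the calls that do, which is the restriction the issue is after.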