This repository was archived by the owner on May 22, 2023. It is now read-only.
Restrict components #134
Comments
|
As a convention pairs of file descriptors are always send client first, server second to the server. If multiple pairs are sent this order is kept and they are kept as pairs. The server will answer with a confirm message with one or more client file descriptors or with a reject message without any file descriptor. |
jklmnn
added a commit
that referenced
this issue
Jan 21, 2020
Closed
jklmnn
added a commit
that referenced
this issue
Feb 21, 2020
jklmnn
added a commit
that referenced
this issue
May 20, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently when the server is asked for a service it opens a socket pair and then passes one file descriptor to the client. This requires that the server has the ability to open arbitrary file descriptors. To further restrict the servers capabilities the broker should open the socket pair instead and send one file descriptor to the server. Once the server accepted the connection the broker sends the other socket to the requesting client.
The only downside is that the broker needs to keep track of pending connection requests.
There's a StackOverflow question on how to prevent processes on Linux from opening arbitrary file descriptors.
The text was updated successfully, but these errors were encountered: