Hello,

I need to share a short secret (say, 32 bytes long) between a process - the father - and its children.

The father process generates a random secret at launch. Then it launches multiple children, and children also have children. Both fork and execve are used. The whole tree uses the same Unix user (say, 'daemon'). I need each child to be able to access the common secret. But other processes that are not descendants of the father process must not be able to access the secret, even if they also run under 'daemon'. Because there are some execve calls involved, I can't just rely on fork to share memory.

On Linux, I'm really not sure that a channel returned by socketpair would ensure confidentiality, so I would use a kernel keyring to store and share the secret (http://man7.org/linux/man-pages/man7/keyrings.7.html, session keyrings more exactly).

What is the recommended way to share a secret between the father and the descendants on OpenBSD? Can I assume that the socket pairs returned by socketpair provide confidentiality and integrity?

Thanks!
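
The socketpair mechanism the question asks about, as an added example that is not part of the original post: one end of an unnamed socketpair is left without close-on-exec, so it survives fork and execve, and the parent writes the 32-byte secret to it. The fd number 3, the `share_secret` helper and the `sh`/`cat` stand-in child are assumptions; the code shows only how the descriptor is inherited and does not by itself settle whether other 'daemon' processes are kept out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET_LEN 32
#define CHILD_FD 3   /* assumed convention: the child finds the channel on fd 3 */

/* Sends secret to an exec'd child over an unnamed socketpair and stores what
 * the child sends back in echo. Returns 0 on success, -1 on any error. */
int share_secret(const unsigned char *secret, unsigned char *echo)
{
    int sv[2], status, rc = 0;
    size_t got = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);                      /* child keeps only its own end */
        if (sv[1] != CHILD_FD) { dup2(sv[1], CHILD_FD); close(sv[1]); }
        /* fd 3 has no FD_CLOEXEC, so it stays open in the new program image.
         * Stand-in child (assumption): cat reads fd 3 to EOF and writes it back. */
        execlp("sh", "sh", "-c", "exec cat <&3 >&3", (char *)NULL);
        _exit(127);
    }
    close(sv[1]);                          /* parent keeps only sv[0] */
    if (write(sv[0], secret, SECRET_LEN) != SECRET_LEN) rc = -1;
    shutdown(sv[0], SHUT_WR);              /* EOF on the child's read side */
    while (rc == 0 && got < SECRET_LEN) {
        ssize_t n = read(sv[0], echo + got, SECRET_LEN - got);
        if (n <= 0) rc = -1; else got += (size_t)n;
    }
    close(sv[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) rc = -1;
    else if (WEXITSTATUS(status) != 0) rc = -1;
    return rc;
}

int main(void)
{
    unsigned char secret[SECRET_LEN], echo[SECRET_LEN];
    FILE *r = fopen("/dev/urandom", "rb");   /* random secret generated at launch */
    if (!r || fread(secret, 1, SECRET_LEN, r) != SECRET_LEN) return 1;
    fclose(r);
    if (share_secret(secret, echo) != 0) return 1;
    puts(memcmp(secret, echo, SECRET_LEN) == 0 ? "child received secret" : "mismatch");
    return 0;
}
```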

