On Thu, Nov 16, 2017 at 08:08:30PM +0100, Stephane Martin wrote:
> Hello,
>
> I need to share a short secret (say, 32 bytes long) between a process - the
> father - and its children.
>
> The father process generates a random secret at launch. Then it
> launches multiple children, and children also have children. Both
> fork and execve are used. The whole tree uses the same Unix user
> (say, 'daemon')
>
> I need each child to be able to access the common secret. But other
> processes that are not descendants of the father process must not be
> able to access the secret, even if they also run under 'daemon'.
On Unix, the user-id is the thing that ensures isolation. You can't hide secrets from processes that belong to the same user-id. The easiest is to run the processes that share the secret as a dedicated user-id and use any suitable IPC mechanism.
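An added example (my code, not from this thread) of the hand-off the reply points at: the father keeps the secret in memory and passes it to a forked child over a pipe whose read end is inherited (created without O_CLOEXEC, so it would also survive the execve the question mentions), and a helper checks that the process really runs as the dedicated account. The account name "daemon", the function names and the constructed secret are assumptions.

```c
#include <errno.h>
#include <pwd.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define SECRET_LEN 32

/* Read exactly n bytes, retrying on EINTR and short reads; 0 on success. */
static int read_full(int fd, unsigned char *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;   /* error or EOF before the full secret arrived */
        got += (size_t)r;
    }
    return 0;
}

/* Does the effective uid match the dedicated account (assumed name: "daemon")? */
int running_as_user(const char *name) {
    struct passwd *pw = getpwnam(name);
    return pw != NULL && pw->pw_uid == geteuid();
}

/* Father generates the secret, keeps it in memory and hands it to a forked child
   over a pipe. Returns 1 if the child received the identical 32 bytes. */
int demo_share_secret(void) {
    unsigned char secret[SECRET_LEN];
    for (int i = 0; i < SECRET_LEN; i++)
        secret[i] = (unsigned char)(i * 7 + 3);  /* constructed; real code: getrandom() */
    int fds[2];
    if (pipe(fds) != 0) return 0;   /* no O_CLOEXEC: the read end must survive execve */
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        unsigned char got[SECRET_LEN];
        close(fds[1]);   /* child keeps only the read end */
        int ok = read_full(fds[0], got, SECRET_LEN) == 0 &&
                 memcmp(got, secret, SECRET_LEN) == 0;
        /* a real child would execve() here with fds[0] open, passing its number on */
        _exit(ok ? 0 : 1);
    }
    close(fds[0]);
    int sent = write(fds[1], secret, SECRET_LEN) == SECRET_LEN;
    close(fds[1]);   /* EOF tells the child if the write fell short */
    int status;
    if (waitpid(pid, &status, 0) != pid) return 0;
    return sent && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

The secret travels over a descriptor rather than argv or the environment, so only processes that inherited that descriptor (the father's descendants) ever see it.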

