Re: How to share a secret between a process and its children ?

2017-11-17 Thread Alexandre Ratchov
On Thu, Nov 16, 2017 at 08:08:30PM +0100, Stephane Martin wrote:
> Hello,
> 
> I need to share a short secret (say, 32 bytes long) between a process - the 
> father - and its children.
> 
> The father process generates a random secret at launch. Then it
> launches multiple children, and children also have children. Both
> fork and execve are used. The whole tree uses the same Unix user
> (say, 'daemon')
>
> I need each child to be able to access the common secret. But other
> processes that are not descendants of the father process must not be
> able to access the secret, even if they also run under 'daemon'.

On Unix, the user-id is the thing that ensures isolation. You can't
hide secrets from processes that belong to the same user-id. The
easiest is to run the processes that share the secret as a dedicated
user-id and use any suitable IPC mechanism.



Re: How to share a secret between a process and its children ?

2017-11-16 Thread Theo de Raadt
> On 16 Nov. 2017 at 22:15 +0100, Theo de Raadt wrote:
> > > On Linux, I'm really not sure that a channel returned by socketpair
> > > would ensure confidentiality
> >
> > Huh? Why not?
> >
> /proc/pid/fd

I'm speaking more generally that a socketpair is safe amongst its
uid, except for root.

There is such thing on OpenBSD.

And it doesn't matter.  If you have another uid that can read it,
you're screwed.

Inventing crazy shit is pointless.  Someone just attaches to
the process earlier.  So much pointless overdesign to compensate
for bad decisions before privsep became well known.




Re: How to share a secret between a process and its children ?

2017-11-16 Thread Stephane Martin

On 16 Nov. 2017 at 22:15 +0100, Theo de Raadt wrote:
> > On Linux, I'm really not sure that a channel returned by socketpair
> > would ensure confidentiality
>
> Huh? Why not?
>
/proc/[pid]/fd




Re: How to share a secret between a process and its children ?

2017-11-16 Thread Theo de Raadt
> On Linux, I'm really not sure that a channel returned by socketpair
> would ensure confidentiality

Huh?  Why not?



How to share a secret between a process and its children ?

2017-11-16 Thread Stephane Martin
Hello,

I need to share a short secret (say, 32 bytes long) between a process - the 
father - and its children.

The father process generates a random secret at launch. Then it launches 
multiple children, and children also have children. Both fork and execve are 
used. The whole tree uses the same Unix user (say, 'daemon')

I need each child to be able to access the common secret. But other processes 
that are not descendants of the father process must not be able to access the 
secret, even if they also run under 'daemon'.

Because there are some execve involved, I can’t just rely on fork to share 
memory.

On Linux, I’m really not sure that a channel returned by socketpair would 
ensure confidentiality, so I would use a kernel keyring to store and share the 
secret (http://man7.org/linux/man-pages/man7/keyrings.7.html, session keyrings 
more exactly).

What is the recommended way to share a secret between the father and the 
descendants on OpenBSD ?
Can I assume that the socket pairs returned by socketpair provide 
confidentiality and integrity ?

Thanks !
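
The socketpair approach discussed in this thread, as an added example that is not part of any poster's message: the father creates the pair, forks, and the child keeps its end on descriptor 3 across execve, then echoes the secret back so the father can confirm delivery. The fd number 3, the `/bin/sh` plus `dd` stand-in child and the function names are assumptions for illustration; as the replies note, this does not hide the secret from other processes running under the same uid.

```c
/* Added example: pass a 32-byte secret to an exec'd child over socketpair(2). */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET_LEN 32
#define CHILD_FD 3 /* assumed convention: the child finds the channel on fd 3 */

/* Read exactly len bytes from fd; returns 0 on success, -1 on error or EOF. */
static int read_full(int fd, unsigned char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Returns 0 if the exec'd child received the secret and echoed it back intact. */
int share_secret_with_child(void) {
    unsigned char secret[SECRET_LEN], echo[SECRET_LEN];
    int sv[2], status, rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0 || read_full(rnd, secret, SECRET_LEN) != 0) return -1;
    close(rnd);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child */
        close(sv[0]);               /* drop the father's end */
        if (sv[1] != CHILD_FD) { dup2(sv[1], CHILD_FD); close(sv[1]); }
        /* The descriptor has no close-on-exec flag, so it survives execve. */
        execl("/bin/sh", "sh", "-c", "dd bs=32 count=1 <&3 >&3 2>/dev/null", (char *)NULL);
        _exit(127);
    }
    close(sv[1]);                   /* father keeps only its own end */
    int ok = send(sv[0], secret, SECRET_LEN, MSG_NOSIGNAL) == SECRET_LEN
          && read_full(sv[0], echo, SECRET_LEN) == 0
          && memcmp(secret, echo, SECRET_LEN) == 0;
    close(sv[0]);
    waitpid(pid, &status, 0);
    return (ok && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) { return share_secret_with_child() == 0 ? 0 : 1; }
```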