Old 05-10-2007, 07:03 PM   #1
PatrickNew
Shared memory authentification


Perhaps this question is better suited for the programming forum, but I thought I'd try here first. I somehow got the crazy idea that I could design a virtual file system like gnome-vfs or KIO, and I'm now stuck with a bunch of design choices.

Anyhow, I'm considering implementing the VFS as a per-user daemon, which applications would connect to and post requests to. However, if I ever intend for this model to work, it must be secure. Now, since a lot of data could potentially be getting pushed between two processes, I must use extremely fast IPC, which is why I settled on shared memory.

The basic idea is that the daemon would simply have an open socket that it listened to. Other processes would generate a unique shared memory segment, then communicate its ID over the socket. Then the daemon would connect to that piece of shared memory and from then on do all its IPC through that.

Now, the trick is enforcing the per-user daemon thing. That is, how to prevent a user process from connecting to the root daemon, effectively gaining root permissions to the file-system? I was wondering if there was any way to get the PID of the other processes attached to your piece of shared memory? By the way, I'm talking about shmget() shared memory, not mmapped shared memory.

I thought about using mmap as a way of doing this - it would allow you to use file permissions to control this - have a directory that the daemon watches, and when a process wants to connect it creates a file with its PID as the file name. Set the file permissions so that only the user can read or write to it. The trouble with this is that it might lead to corruption if one process exits and another is created with that PID between scans. Then the new connection wouldn't be made.

Anyhow, is there any way to verify the identity of the process on the other end of a bit of shared memory?
 
Old 05-10-2007, 07:20 PM   #2
PatrickNew
Wow, never mind - I feel stupid. Upon another reading of the manpage for shmget, I see that one can specify the permissions on a piece of shared memory.
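An added example, not code from the thread: the client creates its shmget() segment with mode 0600, and the daemon inspects the segment with shmctl(IPC_STAT) before attaching. The helper names `seg_acceptable` and `check_segment` are hypothetical, and the sketch assumes the daemon already knows which uid it serves and has received the segment ID over its socket.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* expose the System V IPC declarations */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

/* Hypothetical helper: is this segment private to user `want`?
 * 0 = accept, -1 = wrong owner/creator, -2 = group/other access bits set. */
int seg_acceptable(const struct shmid_ds *ds, uid_t want)
{
    /* cuid is fixed at creation; uid can be reassigned later with IPC_SET */
    if (ds->shm_perm.cuid != want || ds->shm_perm.uid != want)
        return -1;
    if (ds->shm_perm.mode & 077)
        return -2;
    return 0;
}

/* Daemon side: vet a segment ID received over the socket before shmat(). */
int check_segment(int shmid, uid_t want)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -3;                 /* no such segment, or no read access */
    return seg_acceptable(&ds, want);
}

int main(void)
{
    /* Client side: 0600 keeps other non-root users from attaching. */
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | IPC_EXCL | 0600);
    if (id == -1) { perror("shmget"); return 1; }

    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) == 0)   /* shm_cpid: PID that created it */
        printf("creator pid %ld, nattch %lu\n",
               (long)ds.shm_cpid, (unsigned long)ds.shm_nattch);
    printf("own uid:   %d\n", check_segment(id, getuid()));
    printf("other uid: %d\n", check_segment(id, getuid() + 1));

    shmctl(id, IPC_RMID, NULL);    /* remove the demo segment */
    return 0;
}
```

The kernel records only the creator PID (`shm_cpid`), the PID of the last attach or detach (`shm_lpid`) and an attach count, not a list of attached processes, which is why the check keys on the creator uid and mode bits.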
 
Old 05-11-2007, 12:19 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,279
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
Moved: This thread is more suitable in the Programming forum and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  


Reply

Tags
memory, security, shared


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shared memory hegdeshashi Linux - Newbie 1 12-20-2006 06:14 AM
using shared memory clunix Programming 2 04-08-2006 12:13 PM
is shared memory expandable in memory size? Thinking Programming 4 08-16-2005 09:57 AM
c + shared memory dilberim82 Programming 3 03-07-2005 07:49 PM
shared memory blackzone Programming 1 10-14-2004 11:52 AM


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration