delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2002/06/04/11:01:30

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Tue, 4 Jun 2002 10:51:38 -0400 (EDT)
From: David E Euresti <davie AT MIT DOT EDU>
To: egor duda <cygwin AT cygwin DOT com>
Subject: Re: Duplicating Unix Domain Sockets
In-Reply-To: <291438343308.20020604101630@logos-m.ru>
Message-ID: <Pine.GSO.4.30L.0206041039490.745-100000@scrubbing-bubbles.mit.edu>
MIME-Version: 1.0 

On Tue, 4 Jun 2002, egor duda wrote:

> Hi!
>
> It's not enough to just pass numerical value of descriptor between
> processes. Each cygwin fd has several win32 handles associated with
> it, which are used to actually do the job, to read or write the data,
> to perform synchronization, etc. If you want to pass fd1 from proc1 to
> proc2, you have to duplicate all win32 handles associated with fd1
> into address space of proc2. This can be done by DuplicateHandle ()
> function, but if you take a look on its docs on msdn, you'll see that
> it requires process handles of proc1 and proc2 to work. Given that
> proc1 and proc2 can be absolutely unrelated and run from different
> accounts, there's no secure way to obtain those process handles
> without help from some mediator process which run at high enough level
> of privileges.

Oh I know it's not enough just passing a number.  I've already got a user
land application passing file descriptor by passing

struct passfd {
  unsigned int uiMagic;  // Magic number to see if it's right
  DWORD dwProcessID;     // Process ID of sender
  HANDLE hHandle;        // Handle in sender's process
  BOOL bBinary;          // is it Binary or Text?
  BOOL bRead;            // Is it read?
  BOOL bWrite;           // Is it write
  DWORD dwDevice;        // Device type as listed in windows_device_names
in path.cc
};

So basically I pass this info in at the beginning of a packet.  And then
the receiving end calls DuplicateHandle, followed by cygwin_handle_to_fd.
It works well except it doesn't mark the right socket types.  i.e. UDP,
TCP, AF_UNIX etc.  (I've sent the code before search for my name in the
archive and you'll find it titled "File Descriptor passing fun".

Another problem with this is that there's a bit of synchronization needed
because the sending process can't close the socket until it's been
duplicated.  This will actually happen in the suggestion I had.

> That's what cygwin daemon is for -- to provide a
> services that require high privileges to normal non-privileged
> processes. After such handle duplication service (with appropriate
> security checks) is implemented in cygwin daemon, it would be simple
> to augment AF_UNIX sockets protocol to be able to pass auxiliary
> information such as fds.
>

Well as I have to have this to graduate, I could work on this. But
somebody needs to tell me where to start looking.  Because i've looked
through the source and I don't really get it.

Thanks,
David


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019