9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] Copying pushtls(2)
From: Lucio De Re @ 2003-08-08 12:35 UTC
  To: 9fans mailing list

Can the technique used in pushtls(2) of passing an open file
descriptor to a filter device work with a user-space file server?

What would be the equivalent lib9p idiom?

Somehow, I can't imagine just handing an integer to a user-space
file server (a totally distinct executable) and thereafter presuming
that the latter will find it useable as a file handle.  What am I
missing?

If that technique is not viable, is there perhaps another mechanism
that can be used analogously?  An existing example would be a nice
pointer.

++L



* Re: [9fans] Copying pushtls(2)
From: David Presotto @ 2003-08-08 13:29 UTC
  To: 9fans

On Fri Aug  8 08:50:32 EDT 2003, lucio@proxima.alt.za wrote:
> Can the technique used in pushtls(2) of passing an open file
> descriptor to a filter device work with a user-space file server?

Not really.  It only works in tls/ssl/srv because the driver is
really running in the context of the process, i.e., it's not really
fd passing, just using your own fd's.  9P doesn't have a concept
of fd passing.  I've often wondered if it should but get scared
of the mechanism's complexity when used across machines.

> If that technique is not viable, is there perhaps another mechanism
> that can be used analogously?  An existing example would be a nice
> pointer.

You can post the fd into /srv and pass a pointer to that.  Currently,
one can't change the owner of /srv files, but it should.
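
The /srv posting idiom suggested above, as an added example that is not part of the original post or of any Plan 9 source file. It is Plan 9 C (built with the Plan 9 compilers, not gcc); the service name `svc` and the helper `postfd` are hypothetical.

```plan9c
#include <u.h>
#include <libc.h>

/* Post an open fd under /srv so a local process can open it by name. */
int
postfd(char *name, int fd)
{
	char path[64];
	int sfd;

	snprint(path, sizeof path, "/srv/%s", name);
	/* mode 0600: only the posting user may open the entry */
	sfd = create(path, OWRITE, 0600);
	if(sfd < 0)
		return -1;	/* e.g. the name is already taken */
	/* devsrv takes the fd number as decimal text and keeps the channel */
	if(fprint(sfd, "%d", fd) < 0){
		close(sfd);
		remove(path);
		return -1;
	}
	close(sfd);
	return 0;
}

void
main(void)
{
	int p[2], fd;
	long n;
	char buf[32];

	if(pipe(p) < 0)
		sysfatal("pipe: %r");
	if(postfd("svc", p[0]) < 0)	/* "svc" is a hypothetical name */
		sysfatal("post: %r");
	close(p[0]);	/* /srv/svc still refers to the channel */

	/* the receiving side opens the name; no fd number crosses processes */
	fd = open("/srv/svc", ORDWR);
	if(fd < 0)
		sysfatal("open: %r");
	fprint(p[1], "hello");
	n = read(fd, buf, sizeof buf - 1);
	if(n < 0)
		sysfatal("read: %r");
	buf[n] = 0;
	print("read via /srv/svc: %s\n", buf);
	remove("/srv/svc");
	exits(nil);
}
```

The open is done here in the same process for brevity; a separate local process would make the same `open` call on `/srv/svc`.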



* Re: [9fans] Copying pushtls(2)
From: Lucio De Re @ 2003-08-08 13:39 UTC
  To: 9fans

On Fri, Aug 08, 2003 at 09:29:25AM -0400, David Presotto wrote:
>
> Not really.  It only works in tls/ssl/srv because the driver is
> really running in the context of the process, i.e., it's not really
> fd passing, just using your own fd's.  9P doesn't have a concept
> of fd passing.  I've often wondered if it should but get scared
> of the mechanism's complexity when used across machines.
>
That's the point that forsyth raises as well.  It seems to me that one
ought to pass around more than just a numeric file descriptor and that
the right choice of representation would eliminate ambiguities and
potential failures.  But it's just a gut feel.

> You can post the fd into /srv and pass a pointer to that.  Currently,
> one can't change the owner of /srv files, but it should.

Sounds excellent.  Then I would effectively:

	echo svc /srv/svc > /dev/filter/0/ctl

to achieve the desired result?  I can certainly try that.  Thank you.

++L



* Re: [9fans] Copying pushtls(2)
From: C H Forsyth @ 2003-08-08 13:42 UTC
  To: 9fans

i'm not sure it works completely even for the kernel devices, for instance
if such a device is exported and a remote process tries to use it.

in another system, i tried to apply the rule that things appear
in the name space if and only if they are thereby distributable,
and otherwise they are local and manipulated through system calls.
that often helped determine what the system calls were.




* Re: [9fans] Copying pushtls(2)
From: David Presotto @ 2003-08-08 13:51 UTC
  To: 9fans

I'm not sure which message you are responding to.  It is definitely
true that devsrv, devtls, and devssl cannot have fd's passed to them
by remote systems.

I agree that I screwed up when I copied the devsrv semantics into
devtls and devssl.  It's convenient but not distributable.  In
fact, now that I think of it, it's probably a security hole since
exportfs doesn't really know what's going on under it and you can
hijack its fd's through #D, #s, and #a.

Proof that a useful hack is still a hack and probably a bad idea.



* Re: [9fans] Copying pushtls(2)
From: Lucio De Re @ 2003-08-08 13:51 UTC
  To: 9fans

On Fri, Aug 08, 2003 at 09:51:21AM -0400, David Presotto wrote:
>
> I agree that I screwed up when I copied the devsrv semantics into
> devtls and devssl.  It's convenient but not distributable.  In
> fact, now that I think of it, it's probably a security hole since
> exportfs doesn't really know what's going on under it and you can
> hijack its fd's through #D, #s, and #a.
>
Hm, it's hard to live without #s, what does it need not to be a
security risk?  Some rendez-vous rules like in changing the group of a
file?

++L



* Re: [9fans] Copying pushtls(2)
From: David Presotto @ 2003-08-08 14:19 UTC
  To: 9fans

On Fri Aug  8 10:07:35 EDT 2003, lucio@proxima.alt.za wrote:
> On Fri, Aug 08, 2003 at 09:51:21AM -0400, David Presotto wrote:
> >
> > I agree that I screwed up when I copied the devsrv semantics into
> > devtls and devssl.  It's convenient but not distributable.  In
> > fact, now that I think of it, it's probably a security hole since
> > exportfs doesn't really know what's going on under it and you can
> > hijack its fd's through #D, #s, and #a.
> >
> Hm, it's hard to live without #s, what does it need not to be a
> security risk?  Some rendez-vous rules like in changing the group of a
> file?

That's not the problem.  It's the fact that you can create in /srv.



* Re: [9fans] Copying pushtls(2)
From: Lucio De Re @ 2003-08-08 14:32 UTC
  To: 9fans

On Fri, Aug 08, 2003 at 10:19:42AM -0400, David Presotto wrote:
>
> That's not the problem.  It's the fact that you can create in /srv.

These issues are much too subtle for me.

I can only guess that I can post to /srv an open fd with a set of
brand new ownerships?  I'll put the matter on hold until I have a
chance to try it out, I'll never grasp an explanation at the cerebral
level that gets exhibited here :-(

++L

