Unix FD Passing

[Lennart Poettering]

On Wed, 20.05.09 23:34, Thiago Macieira (thiago at kde.org) wrote:

> Havoc Pennington wrote:
> >Hi,
> >
> >On Wed, May 20, 2009 at 4:39 PM, Lennart Poettering <mzqohf at 0pointer.de> 
> wrote:
> >> I am not sure I fully understood your question, but I think generic
> >> demarshalling code like that wouldn't make sense anyway. Because in
> >> contrast to other fixed data types unix fds are special: you need to
> >> close() them after use.
> >
> >Hmm, I think such code does exist now though (I think the Qt bindings do
> > it?)
> 
> More or less. Right now, the demarshaller code will just ignore types it 
> doesn't know and print a warning. However, there's also a 
> "transmarshaller" code that copies from one DBusMessage into another and I 
> think that's the one you're referring to.
> 
> It's basically a loop around a DBusMessageIter until it returns false: if 
> the element is a basic type, it uses dbus_message_iter_get_basic and 
> dbus_message_iter_append_basic. If the element is an array and its type is 
> of fixed size, it uses dbus_message_iter_get_fixed_array and 
> dbus_message_iter_append_fixed_array. Otherwise, it enters the element and 
> recurses.

Qt should verify the types more closely before it does this. Trying to
do generic code like that is doomed to fail anyway: don't try to
generically handle data you don't understand. Simply because of
security reasons: after all this is untrusted data. You need to know
what you are touching.

> With the introduction of FD passing, this code will probably start leaking 
> fds.

Yes, definitely.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4