Reputation: 463
Access control to shared memory
I guess this question is directed at Linux/Unix system programming experts (unfortunately I am not one of that kind, yet ;)).
I am building a system, which runs on Linux/Unix, multi-core machine, in which processes communicate with each other through shared memory (speed is important - minimum calls into the kernel as possible). Shared memory "channels" for communication are dynamically created when a process requests to communicate with another one - each process has a listening thread that is receiving and "accepting" these requests and then creating/initializing shared memory channels. For processes a and b, two channels (shared memory regions) are created - one channel is used as "output" from a and "input" to b and the other vice versa.
When the communication channels are created it is imperative that process a has R/W access to its corresponding "output" channel and only R access to its corresponding "input" channel. Other processes must not be able to obtain W access to the channels shared between other pairs of processes (preferably they should not even have R access).
What solution can you suggest?
I was thinking about:
- defining my own system calls (not preferable at the moment)
- using file permissions inherent to the file-system to impose this access rights
For the 2nd solution, idea is to run processes under different user IDs and use dynamic creation of groups for each process pair and assigning file permission to each shared memory descriptor accordingly (R to group, R/W to the writer process, - to the rest).
Is the 2nd solution feasible? Are there any better solutions (e.g. which involve some system calls am I not aware of)?
Thank you very much for your time and help.
Upvotes: 4
Views: 7251
Answers (1)
Reputation: 239211
You cannot use groups to do this, because it isn't possible to add supplementary groups to an already-running process. However, the user-based mechanism will work fine.
Run each process under its own uid. To create a shared memory channel, the sending side creates a shared memory object with shm_open(), specifying O_RDWR | O_CREAT | O_EXCL and mode 0600. Thus it is the only process with it open, and only its uid is allowed to open it. The sending side then opens a second file descriptor for the same shared memory segment, this time using O_RDONLY. It sends this second, read-only file descriptor to the receiving process, using a SCM_RIGHTS message over a unix domain socket. It can then close the read-only file descriptor.
The sending process and recieving process then mmap() the shared memory. The receiving process has read-only access, and does not have the rights to upgrade it to read-write. No other processes can open it at all.
Upvotes: 4
Related Questions
- Shared Memory in C (sysV)
- How do you block shared memory access until it is ready?
- Linux IPC: shared memory recovery
- IPC using shared memory in C
- Using Buffer Created by Shared memory Over IPC in Linux
- Implementing shared memory without root privilege
- Who can share shared memory in Linux?
- IPC - Shared Programming Program in Linux
- Shared memory marked as virtual memory?
- Linux Shared Memory