Authentication mechanism

[Michael Mihn-Jong Lee]

Hello team,

What's the authentication mechanism between the host and the sandboxed lib?

According to the overview diagram, the host and the sandboxed lib are communicated via RPC on IPC, but I can't find any info about the authentication. Is the sandboxed lib allowing any access from other processes than the host, or is there a specific mechanism to only allow the traffic from the host process?

Thanks,

Michael

[Robert Swiecki]

Hi,

The communication happens over unix sockets (created with socketpair()). Processes working with the same or a higher privilege level (i.e. the same user or root-level process) will have access to this socket (multiple ways to do that, eg. opening /proc/<pid>/fd/<no> or using ptrace). Other processes (running under different uids) won't.

HTH

--
You received this message because you are subscribed to the Google Groups "sandboxed-api-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandboxed-api-u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sandboxed-api-users/ea1c2cc2-c293-4d70-8932-e2ca389da758n%40googlegroups.com.

--

Robert Święcki

[Michael Mihn-Jong Lee]

Thanks for the response!

To view this discussion on the web visit https://groups.google.com/d/msgid/sandboxed-api-users/CAP145piinhLGJOQWSST9dK7VHz6fUatnKHF7eQfZsk2ByQj9hg%40mail.gmail.com.