standard-ai / sendfd
Send file descriptors over unix sockets in Rust
License: Apache License 2.0
Pardon me, I didn't test this, but I think sendfd's tokio integration is not implemented in a way that is compatible with its internal readiness tracking.
When one is using RecvWithFd, they will probably keep calling recv_with_fd until it returns WouldBlock. However, this has an issue: tokio is not aware of this returned WouldBlock, and as a result it will keep assuming that the socket is ready to read, unless a call to tokio's poll_read function is made. If it's a situation where every message can contain an fd, then we can't call tokio's poll_read, because if the read succeeds, the kernel would close the fds that should have been received, because tokio uses readv().
The tokio APIs use internal functions that clear readiness flags when WouldBlock is encountered:
But again, I don't think sendfd is able to call into this API.
The same applies to SendWithFd to some extent, although sendmsg on a Unix socket should rarely block so it might "appear" to work.
So I don't think the tokio integration really works; can anyone confirm that?
Regarding the comment and unreachable!() in Lines 155 to 164 in 69994c1
I am using sendfd in a new project. While researching the actual semantics of fd-passing, I found Kenton Varda's excellent summary of the subtleties and dangers: https://gist.github.com/kentonv/bc7592af98c68ba2738f4436920868dc
In particular:
The CMSG_SPACE() macro is intended to help you decide how much space to allocate to receive an ancillary message. It rounds up its calculation to the next word boundary. Unfortunately, on 64-bit systems, this means you will always end up with enough space for an even number of file descriptors. If you were expecting just one FD, you'll end up with enough buffer space to receive two. You MUST check whether you received two and close the second one, otherwise, again, an attacker can fill up your FD table.
That implies that calling recvmsg expecting one fd will panic if two are actually sent.
I have not tried to reproduce this issue in a test.
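The receive-side check the quoted summary calls for, as an added C example that is not code from sendfd or from the gist: a receiver that sizes its buffer with CMSG_SPACE() for one descriptor, counts what actually arrived from cmsg_len, keeps the first and closes the rest. The helper names send_fds and recv_one_fd are hypothetical, the descriptors sent in main are constructed input, and Linux is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Demo helper: send n (1..8) descriptors in a single SCM_RIGHTS message. */
static int send_fds(int sock, const int *fds, int n) {
    if (n < 1 || n > 8) return -1;
    char byte = 'x';
    struct iovec iov = { &byte, 1 };
    union { char buf[CMSG_SPACE(sizeof(int) * 8)]; struct cmsghdr align; } u = { {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = CMSG_SPACE(sizeof(int) * n) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * n);
    memcpy(CMSG_DATA(c), fds, sizeof(int) * n);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive expecting ONE descriptor. Returns it (or -1 if none arrived) and
 * closes every surplus descriptor that fit into the padded control buffer;
 * *extra reports how many were closed. */
static int recv_one_fd(int sock, int *extra) {
    char byte;
    struct iovec iov = { &byte, 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = sizeof(u.buf) };
    int kept = -1;
    *extra = 0;
    if (recvmsg(sock, &msg, 0) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        size_t n = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int); /* fds delivered */
        for (size_t i = 0; i < n; i++) {
            int fd;
            memcpy(&fd, CMSG_DATA(c) + i * sizeof(int), sizeof(int));
            if (kept < 0) kept = fd;
            else { close(fd); (*extra)++; }   /* unexpected: do not leak it */
        }
    }
    return kept;
}

int main(void) {
    int sv[2], extra, two[2] = { 0, 0 };  /* constructed input: stdin, sent twice */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || send_fds(sv[0], two, 2)) return 1;
    int fd = recv_one_fd(sv[1], &extra);
    printf("kept fd %d, closed %d surplus\n", fd, extra);
    return fd < 0;
}
```

On 64-bit Linux the one-descriptor buffer has room for two, so the run reports one surplus descriptor closed.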
It looks like v0.4.1 is ready but not available on crates.io right now.
Would you mind doing a release?
Also, Git tag seems to be missing for v0.4.0 and v0.4.1.