Design Question about implementing RPC on top of IPC

Sid Agrawal siagraw at cs.ubc.ca
Mon Apr 25 20:25:39 CEST 2022 

Hi Norm

On Mon, Apr 25, 2022 at 2:34 AM Norman Feske <norman.feske at genode-labs.com>
wrote:

> [CAUTION: Non-UBC Email]
>
> Hallo,
>
> the issue was discussed in 2014 on the se14 mailing list:
>
>
> https://lists.sel4.systems/hyperkitty/list/devel@sel4.systems/thread/I3AYF2AMRIRAMTCBMRENP7TVTH6RDCJQ/
>
> Thanks. This is such a Deja Vu. I have not read the entire post, but I
feel like it will answer my questions.


> We worked around it by associating a system-globally unique ID value
> with each object, using this value as badge, and sharing it with the
> client. Upon calling the server, the client supplies this value along
> with the actual capability. At the server side, the (potentially forged)
> value serves as a hint that allows the server to look up the object and
> compare the value with the real badge of the addressed object.
>
> This approach maintains the notion of capabilities being unforgeable on
> se14. However, since globally unique IDs are shared with the client, the
> approach is in principle prone to covert information flow - by the means
> of ID allocation influenced by two conspiring components.
>
> This lines up precisely with my understanding from reading the Genode code.
The crux of it being - "*using this value as badge, and sharing it with the
client".*

I also completely agree with the security pitfalls you mentioned.  Quite
exciting to know that I am on the right track in terms of using and hitting
the limits of the seL4 API. I will read up the exchange and follow up if
needed.

Thanks a ton!!

Sid


> As far as I know, this use case remained unaddressed by se14. But I have
> admittedly not followed recent developments.
>
> Genode's custom base-hw kernel supports this use case.
>
> Norman
>
> --
> Dr.-Ing. Norman Feske
> Genode Labs
>
> https://www.genode-labs.com · https://genode.org
>
> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>
> _______________________________________________
> Genode users mailing list
> users at lists.genode.org
> https://lists.genode.org/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20220425/b76a58b1/attachment.htm>

More information about the users mailing list