[cap-talk] Building a bridge: library API's and file descriptors?

Bill Frantz frantz at pwpconsult.com
Wed Feb 4 17:47:12 EST 2009

capibara at xs4all.nl (Rob Meijer) on Wednesday, February 4, 2009 wrote:

>The solution seems simple, get the library vendors to extend their API to
>accept file descriptors. File descriptors can be communicated between
>unconfined and confined processes like capabilities, allowing applications
>to confine their untrusted library usage if these libraries have an API
>that accepts file descriptors instead of or next to paths, network
>addresses and URL's.

I have been working with the OpenSSL library to implement a web server in
CapROS. Using this library is a bit exciting in CapROS, since there is
nothing like a file system in sight. Fortunately, the OpenSSL library
provides the BIO abstraction
<http://www.openssl.org/docs/crypto/bio.html#>, which can be used to run
the library using your code for all I/O. More detail about how this is done
is in the example on <http://www.openssl.org/docs/crypto/BIO_s_bio.html#>.

Getting it all to work is a bit klunky, since there are no callbacks, but
it does work. (If there were callbacks, they would bring their own
problems, so I am not suggesting them as an improvement.)

Part of the problem here is the *nix model that says, "Everything is a
file". This assumption even pervades Rob's solution using file descriptors
instead of file names. Both assume that the world bottoms out in files.

You can even see this world-view in the ANSI C standard (ANSI/ISO
9899-1990), where fprintf is considered fundamental, printf is
fprintf(stdout, ...), and sprintf is kind of an afterthought (and prone to
buffer overruns as well). A different layering would have the fundamental
formatting tool be sprintf, with a maximum string length parameter, and that
would be used to format the data. fprintf would be described as a use of
sprintf, and printf as a use of fprintf.

Cheers - Bill

Bill Frantz        | Barack Hussein Obama, President of the United States.
408-356-8506       | Now we can return to being a partner with the rest of
www.periwinkle.com | the world.
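The alternative layering Bill sketches above, written out as an added example (this is not code from the original post, from CapROS, or from OpenSSL; the names sfmt, vsfmt, ffmt and pfmt are assumptions chosen for illustration). The fundamental operation formats into a caller-supplied buffer with an explicit capacity, so it never overruns and never needs a file; writing to a FILE is then built on top of it, and printing to stdout on top of that. Long output that does not fit the stack buffer is handled by a second pass into a heap buffer sized from the first pass, so the file layer adds no truncation of its own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fundamental layer: format into a bounded buffer (hypothetical name vsfmt).
 * Returns the length the full result would have (like C99 vsnprintf), so a
 * caller can detect truncation by comparing the return value with cap.
 * With cap > 0 the buffer is always NUL-terminated; with cap == 0 nothing
 * is written and only the needed length is reported. */
int vsfmt(char *buf, size_t cap, const char *fmt, va_list ap)
{
    return vsnprintf(buf, cap, fmt, ap);
}

/* Variadic wrapper over the fundamental layer (hypothetical name sfmt). */
int sfmt(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsfmt(buf, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* File layer, described as a use of the memory formatter (hypothetical
 * name ffmt). Formats into a fixed stack buffer first; if the result does
 * not fit, formats again into a heap buffer of exactly the reported size.
 * Returns the number of characters written, or -1 on failure. */
int ffmt(FILE *out, const char *fmt, ...)
{
    char stackbuf[256];
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                 /* second copy for the retry pass */
    int need = vsfmt(stackbuf, sizeof stackbuf, fmt, ap);
    va_end(ap);
    if (need < 0) { va_end(ap2); return -1; }

    if ((size_t)need < sizeof stackbuf) {
        va_end(ap2);
        return fwrite(stackbuf, 1, (size_t)need, out) == (size_t)need ? need : -1;
    }

    /* Output was truncated: retry with a buffer of the exact required size. */
    char *heap = malloc((size_t)need + 1);
    if (heap == NULL) { va_end(ap2); return -1; }
    vsfmt(heap, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    int ok = fwrite(heap, 1, (size_t)need, out) == (size_t)need;
    free(heap);
    return ok ? need : -1;
}

/* Console layer: a use of the file layer (hypothetical name pfmt). */
int pfmt(const char *fmt, ...)
{
    char stackbuf[256];
    va_list ap;
    va_start(ap, fmt);
    int need = vsfmt(stackbuf, sizeof stackbuf, fmt, ap);
    va_end(ap);
    if (need < 0) return -1;
    if ((size_t)need < sizeof stackbuf)
        return fwrite(stackbuf, 1, (size_t)need, stdout) == (size_t)need ? need : -1;
    /* Too long for the stack buffer: let the file layer do the heap pass. */
    va_start(ap, fmt);
    va_list ap2;
    va_copy(ap2, ap);
    va_end(ap);
    char *heap = malloc((size_t)need + 1);
    if (heap == NULL) { va_end(ap2); return -1; }
    vsfmt(heap, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    int ok = fwrite(heap, 1, (size_t)need, stdout) == (size_t)need;
    free(heap);
    return ok ? need : -1;
}

int main(void)
{
    char small[8];
    /* Constructed input: the full result is 12 characters, the buffer holds 7. */
    int n = sfmt(small, sizeof small, "%s-%d", "abcdef", 12345);
    pfmt("needed %d, kept \"%s\"\n", n, small);
    ffmt(stderr, "%s layered on %s layered on %s\n", "pfmt", "ffmt", "sfmt");
    return 0;
}
```

The capacity parameter is what makes sfmt safe to treat as fundamental: the classic sprintf has no way to be told how much room it has, which is exactly the overrun Bill mentions, and checking the returned length against cap is how a caller finds out that truncation happened.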
