6

I have a Python server which is not running as root, which fronts an application I am developing. However there are some application features which require access to RAW sockets which means root privileges.

Obviously I do not want to run the main server as root, and so my solution is to create a daemon process or command line script which runs as root providing guarded access to said features.

However, I want to put aside stdin/stdout communication and use an RPC style of interaction such as Pyro. But this exposes the RPC interface to anyone with network access to the machine, whereas I know that the process calling the RPC methods will be another process on the same machine.

Is there not a sort of inter-process procedure call standard which could be used in a similar (local machine only) fashion? I imagine the server doing something like this:

# Server not running as root
pythonically, returned, values = other_process_running_as_root.some_method()

And the process running as root exposing a method:

# Daemon running as root
@expose_this_method
def some_method():
    # Play with RAW sockets
    return pythonically, returned, values

Is anything like this possible?

joeforker
asked Jan 21, 2011 at 17:07
1
  • I don't know of anything pre-written, but I think it would be easy enough to implement using a communication layer like zmq, as an abstraction around a request/reply channel. Commented Jan 21, 2011 at 18:23

3 Answers

3

Following my comment, I was interested to see if it was possible, so I had a go at putting this together: https://github.com/takowl/ZeroRPC

Bear in mind that this is thrown together in an hour or so, so it's almost certainly inferior to any serious solution (e.g. any errors on the server side will crash it...). But it works as you suggested:

Server:

import zerorpc  # module from the ZeroRPC repository linked above

rpcserver = zerorpc.Server("ipc://myrpc.ipc")

@rpcserver.expose
def product(a, b):
    return a * b

rpcserver.run()

Client:

import zerorpc

rpcclient = zerorpc.Client("ipc://myrpc.ipc")
print(rpcclient.product(5, 7))
rpcclient._stopserver()
answered Jan 21, 2011 at 21:12

2

This is an easy problem. You should be able to get what you want from any RPC mechanism that can use Unix sockets, or use regular TCP sockets but only accept connections from the loopback interface (listen on 127.0.0.1).

The multiprocessing library in the Python standard library supports local IPC, too. http://docs.python.org/library/multiprocessing.html#module-multiprocessing.connection

answered Jan 21, 2011 at 21:50
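A sketch of the local-only approach from the answer above, using `multiprocessing.connection` over a Unix socket; it is an added example, not code from the answer or the question. The names `expose`, `make_listener`, `serve`, `call` and the JSON message shape are assumptions, and `product` stands in for the raw-socket operation. It goes a little beyond the answer by restricting the socket file mode, requiring an authkey, and exchanging JSON through `send_bytes()`/`recv_bytes()` so the root daemon never unpickles data sent by the less-privileged process.

```python
import json
import os
from multiprocessing import AuthenticationError
from multiprocessing.connection import Client, Listener

EXPOSED = {}  # allowlist: only names registered here can be called

def expose(func):
    EXPOSED[func.__name__] = func
    return func

@expose
def product(a, b):  # stand-in for the raw-socket work done as root
    return a * b

def make_listener(path, authkey, gid=None):
    old = os.umask(0o177)  # socket file is created 0600, never briefly wider
    try:
        listener = Listener(path, family="AF_UNIX", authkey=authkey)
    finally:
        os.umask(old)
    if gid is not None:  # admit the unprivileged server's group only
        os.chown(path, -1, gid)
        os.chmod(path, 0o660)
    return listener

def serve(listener, max_conns):
    for _ in range(max_conns):  # bounded here; a daemon would loop forever
        try:
            conn = listener.accept()  # runs the HMAC authkey challenge
        except (AuthenticationError, EOFError, OSError):
            continue  # unauthenticated or broken peer: drop it
        with conn:
            try:  # JSON via recv_bytes(); recv() would unpickle caller data
                req = json.loads(conn.recv_bytes(65536))
                reply = {"result": EXPOSED[req["method"]](*req["args"])}
            except Exception as exc:
                reply = {"error": type(exc).__name__}
            try:
                conn.send_bytes(json.dumps(reply, default=str).encode())
            except OSError:
                pass  # client went away before the reply

def call(path, authkey, method, *args):
    with Client(path, family="AF_UNIX", authkey=authkey) as conn:
        conn.send_bytes(json.dumps({"method": method, "args": args}).encode())
        return json.loads(conn.recv_bytes(65536))
```

In the asker's setup the root daemon would pass the unprivileged server's group as `gid`, so that only that group can connect to the socket file.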


0

Pyro has a number of security features specifically to limit the access to the RPC interface. Are these too much of a performance burden to use?

answered Jan 21, 2011 at 20:42
