WEBcodeX1
diff --git a/‎src/ASProcessHandler.cpp‎
Lines changed: 1 addition & 4 deletions b/‎src/ASProcessHandler.cpp‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎src/Global.hpp‎
Lines changed: 113 additions & 9 deletions b/‎src/Global.hpp‎
Lines changed: 113 additions & 9 deletions
diff --git a/‎src/ResultProcessor.cpp‎
Lines changed: 41 additions & 7 deletions b/‎src/ResultProcessor.cpp‎
Lines changed: 41 additions & 7 deletions
diff --git a/‎src/ResultProcessor.hpp‎
Lines changed: 2 additions & 1 deletion b/‎src/ResultProcessor.hpp‎
Lines changed: 2 additions & 1 deletion
@@ -119,14 +119,11 @@ void ASProcessHandler::forkProcessASHandler(ASProcessHandlerSHMPointer_t SHMAdre
                     ERR("Cannot change dir to BackendRootPath Path:" << BackendRootPath.c_str());
                 }
 
-                //- get parent pid filedescriptor
-                pidfd_t ParentPidFD = Syscall::pidfd_open(getppid(), 0);
-
                 const char* Env1 = std::getenv("PATH");
                 const char* Env2 = std::getenv("PYTHONPATH");
 
                 DBG(120, "Process PATH:" << Env1 << " PYTHONPATH:" << Env2);
-                DBG(200, "Child ASProcessHandler Process PID:" << getpid() << " ParentPidFD:" << ParentPidFD);
+                DBG(200, "Child ASProcessHandler Process PID:" << getpid());
 
                 //- initialize backend
                 Backend::Processor::init(this);
 
@@ -3,12 +3,15 @@
 
 #include <csignal>
 #include <string>
+#include <cstring>
 #include <unordered_map>
 #include <vector>
 #include <exception>
 #include <cstdlib>
 
 #include <sys/syscall.h>
+#include <sys/socket.h>
+#include <sys/un.h>
 #include <unistd.h>
 #include <execinfo.h>
 
@@ -19,7 +22,6 @@ using namespace std;
 
 
 typedef unsigned int Filedescriptor_t;
-typedef unsigned int pidfd_t;
 
 typedef uint16_t HTTPVersionType_t;
 typedef uint16_t HTTPMethodType_t;
@@ -53,7 +55,7 @@ class Signal {
 
 public:
 
-    //- disable unwanted signal handlers (SIGINT, SIGPIPE)
+    // disable unwanted signal handlers (SIGINT, SIGPIPE)
     static void disableSignals()
     {
         signal(SIGINT,  SIG_IGN);
@@ -67,16 +69,118 @@ class Syscall {
 
 public:
 
-    //- wrapper function for pidfd_open
-    static int pidfd_open(pid_t pid, unsigned int flags)
+    // unix domain socket for FD passing - server side (parent process)
+    static int createFDPassingServer(const char* socket_path)
     {
-        return syscall(SYS_pidfd_open, pid, flags);
+        int server_fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
+        if (server_fd < 0) {
+            return -1;
+        }
+
+        // remove any existing socket file
+        unlink(socket_path);
+
+        struct sockaddr_un server_addr;
+        memset(&server_addr, 0, sizeof(server_addr));
+        server_addr.sun_family = AF_UNIX;
+        strncpy(server_addr.sun_path, socket_path, sizeof(server_addr.sun_path) - 1);
+
+        if (bind(server_fd, (struct sockaddr*)&server_addr, sizeof(server_addr)) < 0) {
+            close(server_fd);
+            return -1;
+        }
+
+        if (listen(server_fd, 50) < 0) {
+            close(server_fd);
+            return -1;
+        }
+
+        return server_fd;
     }
 
-    //- wrapper function for pidfd_getfd
-    static int pidfd_getfd(int pidfd, int targetfd, unsigned int flags)
+    // unix domain socket for FD passing - client side (child process)
+    static int connectFDPassingClient(const char* socket_path)
     {
-        return syscall(SYS_pidfd_getfd, pidfd, targetfd, flags);
+        int client_fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
+        if (client_fd < 0) {
+            return -1;
+        }
+
+        struct sockaddr_un server_addr;
+        memset(&server_addr, 0, sizeof(server_addr));
+        server_addr.sun_family = AF_UNIX;
+        strncpy(server_addr.sun_path, socket_path, sizeof(server_addr.sun_path) - 1);
+
+        if (connect(client_fd, (struct sockaddr*)&server_addr, sizeof(server_addr)) < 0) {
+            close(client_fd);
+            return -1;
+        }
+
+        return client_fd;
+    }
+
+    // send a file descriptor over Unix domain socket
+    static int sendFD(int socket_fd, int fd_to_send)
+    {
+        struct msghdr msg;
+        struct iovec iov[1];
+        char ctrl_buf[CMSG_SPACE(sizeof(int))];
+        char data[1] = {0};
+
+        memset(&msg, 0, sizeof(msg));
+        memset(ctrl_buf, 0, sizeof(ctrl_buf));
+
+        // Setup iovec for dummy data
+        iov[0].iov_base = data;
+        iov[0].iov_len = sizeof(data);
+
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = ctrl_buf;
+        msg.msg_controllen = sizeof(ctrl_buf);
+
+        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+        *((int*)CMSG_DATA(cmsg)) = fd_to_send;
+
+        if (sendmsg(socket_fd, &msg, 0) < 0) {
+            return -1;
+        }
+
+        return 0;
+    }
+
+    // receive a file descriptor over Unix domain socket
+    static int recvFD(int socket_fd)
+    {
+        struct msghdr msg;
+        struct iovec iov[1];
+        char ctrl_buf[CMSG_SPACE(sizeof(int))];
+        char data[1];
+
+        memset(&msg, 0, sizeof(msg));
+        memset(ctrl_buf, 0, sizeof(ctrl_buf));
+
+        iov[0].iov_base = data;
+        iov[0].iov_len = sizeof(data);
+
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = ctrl_buf;
+        msg.msg_controllen = sizeof(ctrl_buf);
+
+        if (recvmsg(socket_fd, &msg, 0) < 0) {
+            return -1;
+        }
+
+        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+        if (cmsg == NULL || cmsg->cmsg_type != SCM_RIGHTS) {
+            return -1;
+        }
+
+        return *((int*)CMSG_DATA(cmsg));
     }
 
 };
@@ -88,7 +192,7 @@ class Permission {
 
     static void dropPrivileges(uint GroupID, uint UserID)
     {
-        //- in case of being root, drop privileges
+        // in case of being root, drop privileges
         if (getuid() == 0) {
 
             if (setgid(GroupID) != 0) {
 
@@ -29,6 +29,26 @@ void ResultProcessor::terminate(int _ignored)
     RunServer = false;
 }
 
+int ResultProcessor::_getFDFromParent(uint16_t fd)
+{
+    // send the requested FD number to the parent
+    if (write(_FDPassingSocketFD, &fd, sizeof(fd)) != sizeof(fd)) {
+        ERR("Failed to send FD request to parent");
+        return -1;
+    }
+
+    // Receive the FD from the parent
+    int received_fd = Syscall::recvFD(_FDPassingSocketFD);
+
+    if (received_fd < 0) {
+        ERR("Failed to receive FD from parent");
+        return -1;
+    }
+    
+    DBG(120, "Received FD:" << received_fd << " from parent for requested FD:" << fd);
+    return received_fd;
+}
+
 void ResultProcessor::setVHostOffsets(VHostOffsetsPrecalc_t VHostOffsets) {
     _VHostOffsetsPrecalc = VHostOffsets;
 }
@@ -56,16 +76,27 @@ pid_t ResultProcessor::forkProcessResultProcessor(ResultProcessorSHMPointer_t SH
 
     if (_ForkResult == 0) {
 
-        //- get parent pid filedescriptor
-        _ParentPidFD = Syscall::pidfd_open(getppid(), 0);
+        //- connect to parent's FD passing server
+        const char* socket_path = "/tmp/falcon-fd-passing.sock";
+        _FDPassingSocketFD = Syscall::connectFDPassingClient(socket_path);
+
+        if (_FDPassingSocketFD < 0) {
+            ERR("ResultProcessor: Failed to connect to FD passing server");
+            exit(1);
+        }
+
+        DBG(120, "ResultProcessor: Connected to FD passing server");
 
         //- overwrite parent termination handler
         setTerminationHandler();
 
         //- spectre userspace protection
         prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
 
-        DBG(120, "Child ResultProcessor Process PID:" << getpid() << " ParentPidFD:" << _ParentPidFD);
+        //- drop privileges
+        Permission::dropPrivileges(RUNAS_USER_DEFAULT, RUNAS_GROUP_DEFAULT);
+
+        DBG(120, "Child ResultProcessor Process PID:" << getpid() << " FDPassingSocketFD:" << _FDPassingSocketFD);
         DBG(120, "Child ResultProcessor SharedMemAddress:" << SHMAdresses.StaticFSPtr);
         DBG(120, "Child ResultProcessor Atomic Address:" << StaticFSLock << " Value:" << *(StaticFSLock));
 
@@ -120,7 +151,11 @@ pid_t ResultProcessor::forkProcessResultProcessor(ResultProcessorSHMPointer_t SH
             }
         }
 
-        DBG(-1, "Exit Parent ResultProcessor Process.");
+        DBG(-1, "Parent ResultProcessor closing Unix Domain Socket.");
+
+        close(_FDPassingSocketFD);
+
+        DBG(-1, "Exit parent ResultProcessor process.");
         exit(0);
     }
 }
@@ -151,7 +186,7 @@ void ResultProcessor::_processStaticFSRequests(uint16_t RequestCount)
         getNextAddress(ClientPayloadLength);
         DBG(120, "ClientFD:" << ClientFD << " ReqNr:" << ReqNr << " HTTPVersion:" << HTTPVersion << " PayloadLength:" << ClientPayloadLength << " Payload:'" << ClientPayloadString << "'");
 
-        ClientFD_t ClientFDShared = Syscall::pidfd_getfd(_ParentPidFD, ClientFD, 0);
+        ClientFD_t ClientFDShared = _getFDFromParent(ClientFD);
 
         RequestProps_t Request;
 
@@ -170,7 +205,6 @@ uint16_t ResultProcessor::_processPythonASResults()
 {
     uint16_t processed = 0;
 
-    //for (const auto& Namespace: _Namespaces) {
     for (const auto& Namespace: ConfigRef.Namespaces) {
         for (const auto &Index: _VHostOffsetsPrecalc.at(Namespace.first)) {
             atomic_uint16_t* CanReadAddr = static_cast<atomic_uint16_t*>(getMetaAddress(Index, 0));
@@ -182,7 +216,7 @@ uint16_t ResultProcessor::_processPythonASResults()
                 RequestProps_t Request;
 
                 Request.ClientFD = *(static_cast<ClientFD_t*>(getMetaAddress(Index, 2)));
-                Request.ClientFDShared = Syscall::pidfd_getfd(_ParentPidFD, Request.ClientFD, 0);
+                Request.ClientFDShared = _getFDFromParent(Request.ClientFD);
                 Request.HTTPVersion = *(static_cast<HTTPVersionType_t*>(getMetaAddress(Index, 3)));
                 Request.PayloadLength = *(static_cast<HTTPPayloadLength_t*>(getMetaAddress(Index, 7)));
 
 
@@ -43,9 +43,10 @@ class ResultProcessor : private SHMStaticFS, public CPU, private ResultOrder, pr
     void _processStaticFSRequests(uint16_t);
     inline void _parseHTTPBaseProps(string&);
     uint16_t _processPythonASResults();
+    int _getFDFromParent(uint16_t fd);
 
     pid_t _ForkResult;
-    pidfd_t _ParentPidFD;
+    int _FDPassingSocketFD;
     VHostOffsetsPrecalc_t _VHostOffsetsPrecalc;
 
 };