FastRPC
FastRPC is a small, prototype piece of code that implements a local-only RPC
transport. Compared to systems like CORBA or DCOM it sacrifices network
transparency, language neutrality and portability to implement a small, fast and
easy to use RPC framework for C/C++ programs.
An example of how to use it:
    static int foo(int a, char **b) { ... }  /* implementation of a function in one C file */
    static rpc_call dispatch_table[] = { (rpc_call) &foo, NULL };
    RPC_PROXY("foo", 1);  /* define the proxy in another C file (where it's used) */
    .....
    char *str = NULL;
    int result = foo(42, &str);  /* stack access is allowed, and a shared heap is provided */
That's it. There are no IDL compilers and extraneous typing is kept to a
minimum. The code, once using RPC, looks much like it did originally. To pull
this off various low level tricks are used - this is the reason FastRPC
optimises for low code impact over portability.
FastRPC is designed for only one use case - splitting monolithic programs into
multiple co-operating processes that can be confined by a kernel security
framework like SELinux or AppArmor.
For instance, it could be used to separate an image decoder out of an instant
messenger so that an attack using corrupted image files would not grant the
attacker all the privileges the chat program possesses. A sample showing a simple
image viewer program that does this is included. This work was directly inspired
by Colin Walters and his IMsep project.
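The separation described above, sketched as an added example that is not FastRPC's code and does not use its API: a master forks a slave that parses untrusted image bytes, and accepts the result only after its own checks. It uses ordinary message passing over a Linux socketpair rather than FastRPC's shared stack and heap. The image format, MAX_DIM and the names slave_main and decode_isolated are constructed for illustration, and the SELinux or AppArmor policy confining the slave is assumed to be supplied separately.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_DIM 16384u /* master-side policy limit (assumed value) */
struct dims { uint32_t w, h; };

/* Slave: toy parser for a constructed format, "IMG0" then native-endian
 * width and height. It stands in for a decoder that hostile input may crash
 * or take over, so nothing it sends back is trusted by the master. */
static void slave_main(int fd)
{
    unsigned char buf[64];
    struct dims d;
    ssize_t n = recv(fd, buf, sizeof buf, 0);
    if (n < 12 || memcmp(buf, "IMG0", 4) != 0)
        _exit(1); /* models a decoder crash: no reply is sent */
    memcpy(&d, buf + 4, sizeof d);
    _exit(send(fd, &d, sizeof d, MSG_NOSIGNAL) == (ssize_t)sizeof d ? 0 : 1);
}

/* Master: returns 0 and fills *out only when the slave replied in full and
 * the reply passes the master's own bounds checks; returns -1 otherwise. */
int decode_isolated(const unsigned char *img, size_t len, struct dims *out)
{
    int sv[2], rc = -1;
    struct dims d;
    pid_t pid;
    if (len == 0 || socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid == 0) { /* slave: the point where a confined domain would begin */
        close(sv[0]);
        slave_main(sv[1]); /* never returns */
    }
    close(sv[1]); /* so recv() reports end-of-file if the slave dies */
    if (pid > 0 && send(sv[0], img, len, MSG_NOSIGNAL) == (ssize_t)len &&
        recv(sv[0], &d, sizeof d, 0) == (ssize_t)sizeof d &&
        d.w > 0 && d.h > 0 && d.w <= MAX_DIM && d.h <= MAX_DIM) {
        *out = d;
        rc = 0;
    }
    close(sv[0]);
    if (pid > 0)
        waitpid(pid, NULL, 0); /* reap the slave whether it exited or crashed */
    return rc;
}
```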
This code suffers many limitations - it was written for a university
dissertation and was therefore implemented only as far as necessary to get a
good mark. It is not portable at all, not thread safe, not 64 bit safe, and
documented only in the example program, header file and accompanying report. It
is not "library-ized" in the standard GNU fashion. It has only been tested on
Linux with gcc.
The rationale and design of FastRPC is discussed more in the report,
"Security oriented fast RPC".
Get the code.
To do list:
- Port to more architectures/compilers/operating systems
- Multi-threading support
- Finish off the stack protection work so a compromised slave process cannot
  modify the stack bases and force the master to jump back into the stack
- Eliminate the master/slave relationship and so fully support callbacks from
  low to high privileged code
- Make the shared heap not suck
- Many, many more ...
I don't intend to work on this again. If you find it useful please let me know.
This code is GPL licensed.