Remote Python procedure call (no remote part)

I have a Python server that does not run as root, which stands for the application that I am developing. However, there are some application features that require access to RAW sockets, which means root privileges.

Obviously, I don’t want to start the main server as root, so my solution is to create a daemon process or a command line script that runs as root, providing secure access to the specified functions.

However, I want to disable the stdin / stdout connection and use an RPC interaction style such as Pyro. But this provides an RPC interface to everyone who has network access to the machine, while I know that a process that calls RPC methods will be a different process on the same machine.

Is there any standard method for processing interprocess procedures that can be used in a similar way (only for the local machine)? I suppose the server is doing something like this:

    # Server not running as root
    pythonically, returned, values = other_process_running_as_root.some_method()

And the process running as root exposing the method:

    # Daemon running as root
    @expose_this_method
    def some_method():
        # Play with RAW sockets
        return pythonically, returned, values

Is this possible?

+4
3 answers

Following my comment, I was interested to know if this is possible, so I decided to put it together: https://github.com/takowl/ZeroRPC

Keep in mind that this was thrown together in an hour or so, so it is almost certainly inferior to any serious solution (for example, any errors on the server side will break it ...). But it works as you suggested:

Server:

    import zerorpc

    # Listen on a local IPC endpoint rather than a network address
    rpcserver = zerorpc.Server("ipc://myrpc.ipc")

    @rpcserver.expose
    def product(a, b):
        return a * b

    rpcserver.run()

Client:

    import zerorpc

    # Connect to the same IPC endpoint the server listens on
    rpcclient = zerorpc.Client("ipc://myrpc.ipc")
    print(rpcclient.product(5, 7))
    rpcclient._stopserver()

+3

This is not an easy task. You should be able to get what you want from any RPC engine that can use Unix sockets, or use regular TCP sockets, but only accept connections from the loopback interface (listen on 127.0.0.1).

The multiprocessing library in the Python standard library also supports local IPC. http://docs.python.org/library/multiprocessing.html#module-multiprocessing.connection

+2
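
The Unix-socket option from the answer above, as an added example that is not part of the original thread or of any project mentioned in it: a root-side listener that identifies the caller by kernel-reported UID and dispatches only allowlisted functions. It assumes Linux (`SO_PEERCRED`); the names `expose`, `peer_uid`, `make_listener`, `handle` and `call` are hypothetical, and `product` stands in for the raw-socket work.

```python
import json, os, socket, struct

EXPOSED = {}  # allowlist: only functions registered here can be called

def expose(fn):
    EXPOSED[fn.__name__] = fn
    return fn

@expose
def product(a, b):  # stand-in for the privileged raw-socket operation
    return a * b

def peer_uid(conn):
    # Linux only: the kernel reports pid/uid/gid of the connecting process.
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", creds)[1]

def make_listener(path, allowed_uid):  # run by the root daemon
    if os.path.exists(path):
        os.unlink(path)  # clear a stale socket from a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket file is created with mode 0600
    srv.bind(path)
    os.umask(old_umask)
    os.chown(path, allowed_uid, -1)  # hand the socket file to the one allowed user
    srv.listen(1)
    return srv

def handle(conn, allowed_uid):  # answers one request, returns the reply sent
    with conn, conn.makefile("r") as rfile:
        if peer_uid(conn) != allowed_uid:
            reply = {"error": "peer uid not allowed"}  # request is never parsed
        else:
            try:
                req = json.loads(rfile.readline(65536))  # JSON, not pickle
                reply = {"result": EXPOSED[req["method"]](*req["args"])}
            except Exception as exc:  # bad JSON, unknown method, bad arguments
                reply = {"error": type(exc).__name__}
        conn.sendall(json.dumps(reply).encode() + b"\n")
    return reply

def call(path, method, *args):  # run by the unprivileged server process
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(json.dumps({"method": method, "args": args}).encode() + b"\n")
        reply = json.loads(c.makefile("r").readline())
    if "error" in reply:
        raise RuntimeError(reply["error"])
    return reply["result"]
```

JSON is used on the wire because the root side should not unpickle data sent by a less-privileged process, which is what `Connection.recv()` in `multiprocessing.connection` does.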

Pyro has a number of security features specifically to restrict access to the RPC interface. Are these too heavy a load to use?

0

Source: https://habr.com/ru/post/1336496/

