[genivi-dlt] secure DLT daemon implementation

Lipka, Christoph (ADITG/ESA) clipka at de.adit-jv.com
Thu Feb 15 10:12:33 EST 2018


Hi,

> Also could you tell me what's the purpose of the folder /tmp/dltpipes/ with
> named pipes?

The DLT User Library linked to an application will open a named pipe (/tmp/dltpipes/dlt<pid>) to receive messages from DLT daemon (e.g. log level updates or injection messages sent by DLT Viewer).

BTW: We will provide a patch soon that makes it possible to use UNIX socket connections between applications and dlt daemon instead of named fifos.  

> Do you have any recommendations regarding  unix socket /tmp/dlt-ctrl.sock

You could define a "dlt-control" group that is allowed to read/write on the dlt-ctrl socket. This socket is for example used by dlt-control or dlt-logstorage-ctrl socket to send commands to the dlt daemon.

Regards,
Christoph

> -----Original Message-----
> From: genivi-diagnostic-log-and-trace [mailto:genivi-diagnostic-log-and-trace-
> bounces at lists.genivi.org] On Behalf Of Oleksandr Popov2
> Sent: Thursday, 15 February 2018 16:02
> To: Anooj Gopi
> Cc: genivi-diagnostic-log-and-trace at lists.genivi.org; genivi-diagnostic-log-
> and-trace
> Subject: Re: [genivi-dlt] secure DLT daemon implementation
> 
> Hello Anooj,
> 
> Thanks a lot for your reply.
> The mentioned fifo is the named pipe /tmp/dlt,  right?
> Do you have any recommendations regarding  unix socket /tmp/dlt-ctrl.sock
> that seems to be used by the DLT daemon to send control messages to the
> DLT lib client e.g. about allowed log level change?
> Also could you tell me what's the purpose of the folder /tmp/dltpipes/ with
> named pipes?
> 
> Thank you in advance.
> 
> 
> Best regards,
> Oleksandr Popov
> 
> 
> ________________________________
> From: Anooj Gopi <Anooj.Gopi at alpine.de>
> Sent: Thursday, February 15, 2018 3:51:14 PM
> To: Oleksandr Popov2
> Cc: genivi-diagnostic-log-and-trace at lists.genivi.org; genivi-diagnostic-log-
> and-trace
> Subject: Re: [genivi-dlt] secure DLT daemon implementation
> 
> Hi,
> 
> Well that is right. Security has to be considered.
> dlt daemon has to run with a special user. This user should be the only one
> with read permission from the fifo (IPC between dlt lib and daemon).
> 
> Best Regards / Viele Grüße,
> Anooj Gopi
> 
> 
> From:   Oleksandr Popov2 <Oleksandr_Popov2 at epam.com>
> To:     "genivi-diagnostic-log-and-trace at lists.genivi.org" <genivi-diagnostic-
> log-and-trace at lists.genivi.org>,
> Date:   14.02.2018 10:36
> Subject:        [genivi-dlt] secure DLT daemon implementation
> Sent by:        "genivi-diagnostic-log-and-trace" <genivi-diagnostic-log-and-
> trace-bounces at lists.genivi.org>
> 
> ________________________________
> 
> 
> 
> Hi all,
> 
> According to
> https://at.projects.genivi.org/wiki/display/PROJ/Diagnostic+Log+and+Trace,
> the DLT is developed in accordance with AUTOSAR standards and as a result,
> it doesn't care about any security.
> To use the DLT during production phase, it would be great to have security
> mechanisms implemented, e.g. to prevent DLT library clients from
> affecting/sniffing other clients and the DLT daemon.
> Do you have any secure DLT implementation/features for using on non-
> AUTOSAR Linux systems?
> 
> Thank you in advance.
> 
> 
> Best regards,
> 
> Oleksandr Popov
> 
> _______________________________________________
> genivi-diagnostic-log-and-trace mailing list genivi-diagnostic-log-and-
> trace at lists.genivi.org
> https://lists.genivi.org/mailman/listinfo/genivi-diagnostic-log-and-trace
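
The two permission recommendations in this thread (only the daemon user may read the daemon FIFO /tmp/dlt; only a dedicated group may read/write /tmp/dlt-ctrl.sock) can be checked on a target with a small audit script. This is an added example, not code from the thread participants or the DLT project; the account name "dlt", the group name "dlt-control" and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not DLT project code. Assumes Linux with GNU stat.
# "dlt" (daemon account) and "dlt-control" (group) are assumed names.

# audit_endpoint PATH OWNER GROUP FORBIDDEN
#   GROUP may be "-" to skip the group check.
#   FORBIDDEN is an octal mask of permission bits that must be clear.
# Returns 0 if compliant, 1 on a violation, 2 if PATH does not exist.
audit_endpoint() {
    ep_path=$1 ep_owner=$2 ep_group=$3 ep_forbidden=$4
    [ -e "$ep_path" ] || { echo "MISSING $ep_path"; return 2; }
    # %U = owner name, %G = group name, %a = octal mode
    set -- $(stat -c '%U %G %a' "$ep_path")
    ep_rc=0
    if [ "$1" != "$ep_owner" ]; then
        echo "FAIL $ep_path: owner is $1, expected $ep_owner"; ep_rc=1
    fi
    if [ "$ep_group" != "-" ] && [ "$2" != "$ep_group" ]; then
        echo "FAIL $ep_path: group is $2, expected $ep_group"; ep_rc=1
    fi
    if [ $(( 0$3 & 0$ep_forbidden )) -ne 0 ]; then
        echo "FAIL $ep_path: mode $3 sets forbidden bits $ep_forbidden"; ep_rc=1
    fi
    [ "$ep_rc" -ne 0 ] || echo "OK $ep_path ($1:$2 $3)"
    return "$ep_rc"
}

# audit_dlt_ipc DIR USER CTRL_GROUP: apply the thread's two recommendations.
audit_dlt_ipc() {
    ipc_rc=0
    # Daemon FIFO: only the daemon user may read (no group/other read bit).
    audit_endpoint "$1/dlt" "$2" - 044 || ipc_rc=1
    # Control socket: read/write for owner and control group, nothing for others.
    audit_endpoint "$1/dlt-ctrl.sock" "$2" "$3" 007 || ipc_rc=1
    return "$ipc_rc"
}

# On a target: audit_dlt_ipc /tmp dlt dlt-control
```

The per-application pipes under /tmp/dltpipes/ are not covered because the thread gives no recommendation for them.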