[okl4-developer] OKL4 v2.1: about thread identifiers

Joshua Root jmr at cse.unsw.edu.au
Wed Sep 17 03:39:48 EST 2008


Frank Kaiser wrote:
> The client using my SPI server should
> register to the server. When the client initiates a data exchange,
> then the server shall check that it is coming from the registered
> client. Furthermore the server shall return a notification after the
> data exchange is completed, so that the client need not block on
> the data exchange call. For both purposes the server needs the true
> thread id of the caller. Since the IPC syscall does not provide it
> anymore, and the reply cap is a one-shot feature, I had to add an
> additional parameter carrying the thread id to my IDL4 interface
> specification. However, this approach has the shortcoming that the
> client id is not maintained by the system, allowing any other client
> to interfere with the connection by using a wrong thread id (the one
> belonging to the true client). This not only creates an unwanted
> error possibility, but also a security hole, since the server cannot
> reliably recognize that it receives commands from the right client. 
> This way I cannot see that the reply cap feature in its current stage
> is an enhancement with respect to system security.

Frank,

You could try using L4_SenderSpace() to distinguish between clients by
their space id. Also, presumably there must be a trusted component
involved in starting the clients, so you could have it register the
clients with the server instead of the clients registering themselves.
It could supply the server with capabilities to the clients, and inform
it of their corresponding space ids.

- Josh
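
Added example, not part of the original message and not OKL4 or project code: a sketch of the scheme suggested above, where a trusted launcher registers each client's space id and notification capability, and the server authorises requests on the kernel-reported sender space instead of a thread id carried in the message. The types, constants and function names are hypothetical; `sender` stands in for the value the server would obtain from L4_SenderSpace().

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins, not OKL4 types: on OKL4 the `sender` argument
 * below would be the value the server obtains from L4_SenderSpace(). */
typedef uint32_t space_id_t;
typedef uint32_t cap_t;

#define MAX_CLIENTS    8
#define LAUNCHER_SPACE 1u   /* constructed id of the trusted launcher */

enum { SPI_OK = 0, SPI_EPERM = -1, SPI_ENOSLOT = -2 };

struct client { int used; space_id_t space; cap_t notify_cap; };
static struct client clients[MAX_CLIENTS];

static struct client *find_client(space_id_t space)
{
    for (size_t i = 0; i < MAX_CLIENTS; i++)
        if (clients[i].used && clients[i].space == space)
            return &clients[i];
    return NULL;
}

/* Only the launcher may bind a client space to its notification capability. */
int spi_register(space_id_t sender, space_id_t client_space, cap_t notify_cap)
{
    if (sender != LAUNCHER_SPACE)
        return SPI_EPERM;               /* clients cannot register themselves */
    struct client *c = find_client(client_space);
    for (size_t i = 0; c == NULL && i < MAX_CLIENTS; i++)
        if (!clients[i].used)
            c = &clients[i];
    if (c == NULL)
        return SPI_ENOSLOT;
    c->used = 1;
    c->space = client_space;
    c->notify_cap = notify_cap;
    return SPI_OK;
}

/* Authorise on the kernel-reported sender space. The thread id carried in
 * the message payload is attacker-controlled and is deliberately ignored. */
int spi_transfer(space_id_t sender, uint32_t claimed_tid, cap_t *notify_out)
{
    (void)claimed_tid;
    struct client *c = find_client(sender);
    if (c == NULL)
        return SPI_EPERM;
    *notify_out = c->notify_cap;        /* where the completion notice goes */
    return SPI_OK;
}
```

This check identifies clients per address space, so threads sharing a space are not distinguished from one another.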


