@MoeMahhouk
Member

Summary

  • Add secure FIFO-based input channel for streaming data to searcher containers
  • Implement security-hardened feed-data command with authentication and validation
  • Add systemd service for automatic FIFO setup with proper ownership controls

Security Features

  • Root-owned FIFO: Prevents tampering and symlink attacks
  • Read-only container mount: Container cannot modify the input channel
  • SSH authentication: Leverages existing searcher SSH access
  • Rate limiting: 100MB/s limit prevents accidental DoS
  • Ownership validation: Strict checks prevent security bypasses

Implementation Details

  • New feed-data command in searchersh.c for authenticated data streaming
  • setup-input-fifo.sh creates secure FIFO with proper permissions
  • feed-data-helper handles the actual data transfer with security validation
  • Added pv package for rate limiting and progress monitoring
  • Systemd service ensures FIFO is ready before container starts

Usage

# Stream data to searcher container
cat data.json | ssh searcher@<vm ip> feed-data

# Continuous streaming (no timeout)
your-data-generator | ssh searcher@host feed-data

  Implement a hardened FIFO-based data feed system that allows authenticated
  searchers to stream data directly into containers with security controls:
  - Root-owned FIFO prevents tampering and symlink attacks
  - Rate limiting (100MB/s) prevents accidental DoS
  - Read-only container mount prevents modification
  - Continuous streaming support without timeouts
  - SSH authentication + sudo escalation for secure access
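One way to implement the kind of ownership validation listed under Security Features, as an added example that is not code from this PR: the function names, the rule that group and others must not have write access, and the temp-directory fixture are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (hypothetical helper, not the PR's code). Opens path for
 * writing only if it is a FIFO owned by `owner` without group/other write. */
int open_trusted_fifo(const char *path, uid_t owner)
{
    /* O_NOFOLLOW: refuse a symlink as the last path component.
     * O_NONBLOCK: fail (ENXIO) instead of hanging when nobody is reading. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    /* fstat the descriptor, not the path: the object checked is the one opened. */
    if (fstat(fd, &st) != 0 || !S_ISFIFO(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: kind 0 = good FIFO, 1 = symlink to it, 2 = FIFO that
 * group/others can write, 3 = regular file, 4 = unexpected owner.
 * Returns 1 if accepted, 0 if rejected, -1 if the fixture could not be built. */
int demo(int kind)
{
    char dir[] = "/tmp/fifo-demo-XXXXXX", fifo[64], link[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(fifo, sizeof fifo, "%s/input", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    int rd = -1;
    if (kind == 3) {
        close(open(fifo, O_CREAT | O_WRONLY, 0600));
    } else {
        mkfifo(fifo, 0600);
        if (kind == 2) chmod(fifo, 0622);
        rd = open(fifo, O_RDONLY | O_NONBLOCK); /* stands in for the container */
    }
    if (kind == 1 && symlink(fifo, link) != 0) return -1;
    int fd = open_trusted_fifo(kind == 1 ? link : fifo,
                               kind == 4 ? getuid() + 1 : getuid());
    if (fd >= 0) close(fd);
    if (rd >= 0) close(rd);
    unlink(link); unlink(fifo); rmdir(dir);
    return fd >= 0;
}
```

Checking the opened descriptor with `fstat` rather than the path with `stat` is what closes the window in which the path could be swapped between the check and the open.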
@MoeMahhouk force-pushed the moe-secure-input-channel branch from 3368a1f to 4b0b29a on January 19, 2026 13:56
@MoeMahhouk changed the title from "Feat: Add secure input only channel for data streaming" to "feat: Add secure input only channel for data streaming" on Jan 19, 2026
# Rate limit and pipe stdin to FIFO
# No timeout - this is a continuous stream that runs until:
# - The sender closes the connection (EOF)
# - The container stops reading (SIGPIPE)
Contributor

@Ruteri Ruteri Jan 19, 2026

Can the searcher influence this, leaking data through how they read the data? Might be fine, but I would also worry about the rate limit

Member Author

No, they can't, because this is set by the host-os and not the searcher.
I added the rate-limit just to avoid self DoSing, but ofc we can relax it even more or remove it fully while documenting/communicating it with the searcher to keep an eye on the ingress.
