[CRIU] [PATCH]v2 security: set suid flag on crtools and check real uid on dump/restore
Ruslan Kuprieiev
kupruser at gmail.com
Wed Oct 2 09:52:13 PDT 2013
On 02.10.2013 17:00, Ruslan Kuprieiev wrote:
> Hi!
>
> Lets set suid flag on crtools, so non-root users could dump/restore
> their own tasks and start service for their own tasks. On start criu
> will get its real uid and will allow the user to dump/restore only tasks
> that they own.
>
> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
v2: remove redundant functions and variables.
Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
diff --git a/Makefile b/Makefile
index 0834277..8c75e92 100644
--- a/Makefile
+++ b/Makefile
@@ -166,6 +166,7 @@ PROGRAM-BUILTINS += $(ARCH_DIR)/vdso-pie.o
$(PROGRAM): $(SYSCALL-LIB) $(ARCH-LIB) $(PROGRAM-BUILTINS)
$(E) " LINK " $@
$(Q) $(CC) $(CFLAGS) $^ $(LIBS) $(LDFLAGS) -o $@
+ $(Q) chmod u+s $@
zdtm: all
$(Q) $(MAKE) -C test/zdtm all
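Review bot: `chmod u+s $@` is applied to the link output in the build tree, so the binary is only setuid-root when make itself runs as root; when an ordinary user builds it the bit grants that user's own uid and changes nothing, and a strip or plain copy at install time silently drops it. If a setuid-root binary is the intent, the install step is where the mode belongs, stated explicitly (e.g. `install -m 4755 ...`) so it is not an accidental side effect of the build. The commit message should also say why the whole binary is made setuid-root, since from then on every image and option criu parses on behalf of an unprivileged caller is parsed with root privileges and the uid checks in security.c are the only barrier.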
diff --git a/cr-restore.c b/cr-restore.c
index 3debcbe..8c7389c 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -1957,6 +1957,9 @@ static int prepare_creds(int pid, struct task_restore_core_args *args)
return -1;
}
+ if (!may_restore_uid(ce->uid))
+ return -1;
+
args->creds = *ce;
args->creds.cap_inh = args->cap_inh;
memcpy(args->cap_inh, ce->cap_inh, sizeof(args->cap_inh));
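Review bot: The new check vets only `ce->uid`; the other identity fields of the creds entry (its effective, saved and filesystem uids and the gids, which I believe the image format carries) and the capability sets copied on the following lines are restored unchecked, so a restricted caller's image could still set a different euid or a non-empty capability set. Apply may_restore_uid() to every uid field of `ce` before the assignment, e.g. `if (!may_restore_uid(ce->uid) || !may_restore_uid(ce->euid) || !may_restore_uid(ce->suid) || !may_restore_uid(ce->fsuid)) return -1;`, add an equivalent gid check, and decide explicitly whether a non-root caller may restore non-empty cap_* sets at all. prepare_creds() starts outside the hunk.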
diff --git a/crtools.c b/crtools.c
index ebab052..10d6d20 100644
--- a/crtools.c
+++ b/crtools.c
@@ -72,6 +72,7 @@ int main(int argc, char *argv[])
BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);
cr_pb_init();
+ restrict_uid(getuid());
if (argc < 2)
goto usage;
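Review bot: `restrict_uid(getuid());` deserves a one-line comment saying why the real uid, not the effective one, is recorded, since with the setuid bit the two differ: `/* crtools is setuid: getuid() is the invoking user, geteuid() is root */`. The call also happens before the option loop, so if the service/RPC path later calls restrict_uid() again (not visible here) a note at this site should say which uid is meant to win. main() continues outside the hunk.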
diff --git a/include/crtools.h b/include/crtools.h
index 8f84f94..ca4dbbb 100644
--- a/include/crtools.h
+++ b/include/crtools.h
@@ -210,5 +210,6 @@ static inline bool pid_rst_prio(unsigned pid_a, unsigned pid_b)
void restrict_uid(unsigned int uid);
bool may_dump_uid(unsigned int uid);
+bool may_restore_uid(unsigned int uid);
#endif /* __CR_CRTOOLS_H__ */
diff --git a/security.c b/security.c
index caf9dda..8f2a01d 100644
--- a/security.c
+++ b/security.c
@@ -2,7 +2,7 @@
#include "crtools.h"
#include "log.h"
-static unsigned int dumper_uid = 0;
+static unsigned int cr_uid; /* UID which user can C/R */
/*
* Setup what user is requesting for dump (via rpc or using
@@ -14,16 +14,33 @@ static unsigned int dumper_uid = 0;
void restrict_uid(unsigned int uid)
{
pr_info("Restrict C/R with %u uid\n", uid);
- dumper_uid = uid;
+ cr_uid = uid;
+}
+
+static bool check_uid(unsigned int uid)
+{
+ if (cr_uid == 0)
+ return true;
+ if (cr_uid == uid)
+ return true;
+
+ return false;
}
bool may_dump_uid(unsigned int uid)
{
- if (dumper_uid == 0)
+ if (check_uid(uid))
return true;
- if (dumper_uid == uid)
+
+ pr_err("UID (%u) != dumper's UID(%u)\n", uid, cr_uid);
+ return false;
+}
+
+bool may_restore_uid(unsigned int uid)
+{
+ if (check_uid(uid))
return true;
- pr_err("UID (%u) != dumper's UID(%u)\n", uid, dumper_uid);
+ pr_err("UID (%u) != restorer's UID(%u)\n", uid, cr_uid);
return false;
}
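Review bot: check_uid() treats `cr_uid == 0` as "unrestricted", and `cr_uid` (declared in the earlier hunk of this file with no initializer, hence zero) holds that value until restrict_uid() runs, so any code path that reaches may_dump_uid() or may_restore_uid() before or without that call is allowed everything: a fail-open default. Track initialisation separately so the default denies: add `static bool cr_uid_set;` next to `cr_uid`, set `cr_uid_set = true;` in restrict_uid(), and begin check_uid() with `if (!cr_uid_set) return false;`. The root-is-unrestricted rule is reasonable policy but should be stated rather than implied, e.g. `/* uid 0 means the caller was root: no restriction applies */`. The remaining body of check_uid() reads more simply as `return cr_uid == 0 || cr_uid == uid;`.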