[CRIU] [PATCHv6 5/5] dump: don't dump if children's uids are not equal to client's uid
Ruslan Kuprieiev
kupruser at gmail.com
Wed Sep 11 17:00:44 EDT 2013
Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
-------------- next part --------------
diff --git a/cr-dump.c b/cr-dump.c
index f55bf02..2ec795c 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -64,6 +64,7 @@
#include "vdso.h"
#include "page-pipe.h"
#include "vdso.h"
+#include "cr-service.h"
#include "asm/dump.h"
@@ -773,6 +774,23 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
goto err;
ch = tmp;
ch[nr - 1] = atoi(tok);
+
+ /*
+ * Don't dump at all, if client's uid is not equal
+ * to child's uid, unless client is root.
+ */
+ if (cr_service_client != NULL) {
+ struct proc_status_creds cr;
+ if (parse_pid_status(ch[nr-1], &cr) == -1)
+ goto err;
+
+ if (cr.uids[0] != cr_service_client->uid &&
+ cr_service_client->uid != 0) {
+ pr_perror("Child's uid != client's");
+ goto err;
+ }
+ }
+
nr++;
tok = strtok(NULL, " \n");
}
More information about the CRIU
mailing list