[CRIU] [PATCHv6 5/5] dump: don't dump if children's uids are not equal to client's uid

Pavel Emelyanov xemul at parallels.com
Thu Sep 12 06:36:31 EDT 2013


On 09/12/2013 01:00 AM, Ruslan Kuprieiev wrote:
> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
> 


> @@ -773,6 +774,23 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
>  				goto err;
>  			ch = tmp;
>  			ch[nr - 1] = atoi(tok);
> +
> +			/*
> +			 * Don't dump at all, if client's uid is not equal
> +			 * to child's uid, unless client is root.
> +			 */
> +			if (cr_service_client != NULL) {
> +				struct proc_status_creds cr;
> +				if (parse_pid_status(ch[nr-1], &cr) == -1)

I don't quite like that we parse the status twice (the 2nd one in dump_task_creds).
Do the following -- call the parse_pid_status() early in dump_one_task before doing
anything with the task, then check the uids and pass this structure into dump_creds.

> +					goto err;
> +
> +				if (cr.uids[0] != cr_service_client->uid &&
> +				    cr_service_client->uid != 0) {
> +					pr_perror("Child's uid != client's");
> +					goto err;
> +				}
> +			}
> +
>  			nr++;
>  			tok = strtok(NULL, " \n");
>  		}
> 


More information about the CRIU mailing list