[CRIU] [PATCHv6 5/5] dump: don't dump if children's uids are not equal to client's uid
Ruslan Kuprieiev
kupruser at gmail.com
Thu Sep 12 17:31:46 EDT 2013
On 09/12/2013 02:36 PM, Pavel Emelyanov wrote:
> On 09/12/2013 01:00 AM, Ruslan Kuprieiev wrote:
>> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
>>
>
>> @@ -773,6 +774,23 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
>> goto err;
>> ch = tmp;
>> ch[nr - 1] = atoi(tok);
>> +
>> + /*
>> + * Don't dump at all, if client's uid is not equal
>> + * to child's uid, unless client is root.
>> + */
>> + if (cr_service_client != NULL) {
>> + struct proc_status_creds cr;
>> + if (parse_pid_status(ch[nr-1], &cr) == -1)
> I don't quite like that we parse the status twice (the 2nd one in dump_task_creds).
> Do the following -- call the parse_pid_status() early in dump_one_task before doing
> anything with the task, then check the uids and pass this structure into dump_creds.
By the way, isn't it wrong to check uids _after_ freezing task? I mean,
it does work fast, but some indecent user(even non-root), can hold any!
task freezed forever, by simply asking criu to dump it. But i do
understand, that if we will not freeze task, our information about
children could be incomplete.
>
>> + goto err;
>> +
>> + if (cr.uids[0] != cr_service_client->uid &&
>> + cr_service_client->uid != 0) {
>> + pr_perror("Child's uid != client's");
>> + goto err;
>> + }
>> + }
>> +
>> nr++;
>> tok = strtok(NULL, " \n");
>> }
>>
More information about the CRIU
mailing list