[CRIU] [PATCHv6 5/5] dump: don't dump if children's uids are not equal to client's uid
Pavel Emelyanov
xemul at parallels.com
Fri Sep 13 04:19:46 EDT 2013
On 09/13/2013 01:31 AM, Ruslan Kuprieiev wrote:
> On 09/12/2013 02:36 PM, Pavel Emelyanov wrote:
>> On 09/12/2013 01:00 AM, Ruslan Kuprieiev wrote:
>>> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
>>>
>>
>>> @@ -773,6 +774,23 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
>>> goto err;
>>> ch = tmp;
>>> ch[nr - 1] = atoi(tok);
>>> +
>>> + /*
>>> + * Don't dump at all, if client's uid is not equal
>>> + * to child's uid, unless client is root.
>>> + */
>>> + if (cr_service_client != NULL) {
>>> + struct proc_status_creds cr;
>>> + if (parse_pid_status(ch[nr-1], &cr) == -1)
>> I don't quite like that we parse the status twice (the 2nd one in dump_task_creds).
>> Do the following -- call the parse_pid_status() early in dump_one_task before doing
>> anything with the task, then check the uids and pass this structure into dump_creds.
>
> By the way, isn't it wrong to check uids _after_ freezing task? I mean,
> it does work fast, but some indecent user(even non-root), can hold any!
> task freezed forever, by simply asking criu to dump it. But i do
> understand, that if we will not freeze task, our information about
> children could be incomplete.
It can be a problem, yes, but we can fix that later.
>>
>>> + goto err;
>>> +
>>> + if (cr.uids[0] != cr_service_client->uid &&
>>> + cr_service_client->uid != 0) {
>>> + pr_perror("Child's uid != client's");
>>> + goto err;
>>> + }
>>> + }
>>> +
>>> nr++;
>>> tok = strtok(NULL, " \n");
>>> }
>>>
>
> .
>
More information about the CRIU
mailing list