[CRIU] [PATCH] security: check_ids - return true if [se]?[ug]id is the same as task id

Pavel Emelyanov xemul at parallels.com
Tue Jun 17 05:15:31 PDT 2014


On 06/17/2014 01:40 PM, Andrew Vagin wrote:

> We was talking with you about the third one. Images are created from a
> suid user. On restore criu checks that images are belonged to this user.
> 
> Only root can change file owners, so it looks secure.

Well, yes. I've already expressed this idea in another sub-thread.
Files belonging to root and having no write perms for anyone else
are safe to be used as restore images regardless of contents.

Thanks,
Pavel


More information about the CRIU mailing list