[CRIU] [PATCH] security: check_ids - return true if [se]?[ug]id is the same as task id
Pavel Emelyanov
xemul at parallels.com
Tue Jun 17 05:15:31 PDT 2014
On 06/17/2014 01:40 PM, Andrew Vagin wrote:
> We was talking with you about the third one. Images are created from a
> suid user. On restore criu checks that images are belonged to this user.
>
> Only root can change file owners, so it looks secure.
Well, yes. I've already expressed this idea in another sub-thread.
Files belonging to root and having no write perms for anyone else
are safe to be used as restore images regardless of contents.
Thanks,
Pavel
More information about the CRIU
mailing list