[CRIU] [PATCH] security: check_ids - return true if [se]?[ug]id is the same as task id

Andrew Vagin avagin at parallels.com
Tue Jun 17 06:30:35 PDT 2014


On Tue, Jun 17, 2014 at 04:15:31PM +0400, Pavel Emelyanov wrote:
> On 06/17/2014 01:40 PM, Andrew Vagin wrote:
> 
> > We were talking with you about the third one. Images are created from a
> > suid user. On restore criu checks that images belong to this user.
> > 
> > Only root can change file owners, so it looks secure.
> 
> Well, yes. I've already expressed this idea in another sub-thread.
> Files belonging to root and having no write perms for anyone else
> are safe to be used as restore images regardless of contents.

It is not the same. Why should they belong to root? Or maybe root is a code
name for suid (Saved User ID)?

> 
> Thanks,
> Pavel
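
The ownership check discussed in this thread, sketched as an added example (not CRIU code and not from either poster). The names `image_owner_ok` and `check_sample` are hypothetical, and the expected owner is passed in by the caller, for instance the saved UID or root, which is the point the thread leaves open.

```c
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the already-open image is a regular file owned by `owner`
 * and not writable by group or others, 0 if it fails the policy, and -1
 * if fstat() fails. Checking the descriptor rather than the path means
 * the file that was checked is the file that will be read. */
int image_owner_ok(int fd, uid_t owner)
{
	struct stat st;

	if (fstat(fd, &st) < 0)
		return -1;
	if (!S_ISREG(st.st_mode))
		return 0;
	if (st.st_uid != owner)
		return 0;		/* image was not created by the expected user */
	if (st.st_mode & (S_IWGRP | S_IWOTH))
		return 0;		/* someone other than the owner could rewrite it */
	return 1;
}

/* Constructed sample input: a temporary file owned by the calling user,
 * set to `mode`, then checked against `expected_owner`. */
int check_sample(mode_t mode, uid_t expected_owner)
{
	char path[] = "/tmp/img-XXXXXX";
	int fd = mkstemp(path), ret;

	if (fd < 0)
		return -1;
	unlink(path);
	if (fchmod(fd, mode) < 0) {
		close(fd);
		return -1;
	}
	ret = image_owner_ok(fd, expected_owner);
	close(fd);
	return ret;
}

int main(void)
{
	return check_sample(0600, geteuid()) == 1 ? 0 : 1;
}
```
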

