[CRIU] [PATCH] security: check_ids - return true if [se]?[ug]id is the same as task id
Andrew Vagin
avagin at parallels.com
Tue Jun 17 06:30:35 PDT 2014
On Tue, Jun 17, 2014 at 04:15:31PM +0400, Pavel Emelyanov wrote:
> On 06/17/2014 01:40 PM, Andrew Vagin wrote:
>
> > We was talking with you about the third one. Images are created from a
> > suid user. On restore criu checks that images are belonged to this user.
> >
> > Only root can change file owners, so it looks secure.
>
> Well, yes. I've already expressed this idea in another sub-thread.
> Files belonging to root and having no write perms for anyone else
> are safe to be used as restore images regardless of contents.
It is not the same. Why they should belong to root? Or may be root a code
name for suid (Saved User ID)?
>
> Thanks,
> Pavel
More information about the CRIU
mailing list