[CRIU] [PATCH] security: check_ids - return true if [se]?[ug]id is the same as task id

Pavel Emelyanov xemul at parallels.com
Fri May 23 02:33:42 PDT 2014


On 05/19/2014 06:17 PM, Ruslan Kuprieiev wrote:
> On 17.05.2014 12:00, Andrew Vagin wrote:
>> On Fri, May 16, 2014 at 05:54:55PM +0300, Ruslan Kuprieiev wrote:
>>> Currently there are typos in check_ids, so one can't pass this check,
>>> unless (u/g)id == e(g/u)id == s(g/u)id == task_(g/u)id.
> 
> OMG, I mixed task and caller id's in this description!

The checks you're fixing prevent from creating images with "bad"
code and restore them into siud-ed process. What problem are we
trying to resolve? If I get it right it is -- task executes a
suid-ed binary belonging to some other user, then we checkpoint
it, then try to restore and fail. Is that correct?

>>> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
>>> ---
>>>   security.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/security.c b/security.c
>>> index d4b4230..dc90208 100644
>>> --- a/security.c
>>> +++ b/security.c
>>> @@ -28,7 +28,7 @@ static bool check_ids(unsigned int crid, unsigned int rid,
>>> unsigned int eid, uns
>>>   {
>>>       if (crid == 0)
>>>           return true;
>>> -    if (crid == rid && crid == eid && crid == sid)
>>> +    if (crid == rid || crid == eid || crid == sid)
>> I have thought a bit more and now I am not sure about this. Could you explain why this is correct?
> 
> Hm... Yes, you are right. Well, crid == rid || crid == sid we get from the
> statement, that we should be able to dump task, if we can kill it.
> And crid == eid looks wrong.
> 
>>>           return true;
>>>
>>>       pr_err("UID/GID mismatch %u != (%u,%u,%u)\n", crid, rid, eid, sid);
>>> -- 
>>> 1.8.1.2
>>>
>>> _______________________________________________
>>> CRIU mailing list
>>> CRIU at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/criu
> 
> 




More information about the CRIU mailing list