[CRIU] [PATCH] restore: open the pidfile with O_EXCL
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Sep 2 11:14:11 PDT 2014
Quoting Tycho Andersen (tycho.andersen at canonical.com):
> There is a potential attack here where if someone is restoring something and
> criu writes the pid to a file the attacker controls, the attacker can then
(non-root attacker, of course)
> re-write that to whatever pid they want. criu should instead open the file with
> O_EXCL so that the restore fails if the file exists.
specifically to ensure that root owns the file.
> We don't need O_TRUNC here since we're O_EXCL-ing the file.
>
> Reported-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Thanks, Tycho.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> ---
> log.c | 2 +-
> test/zdtm.sh | 3 +++
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/log.c b/log.c
> index c5ad472..c6e64da 100644
> --- a/log.c
> +++ b/log.c
> @@ -185,7 +185,7 @@ int write_pidfile(int pid)
> {
> int fd;
>
> - fd = open(opts.pidfile, O_WRONLY | O_TRUNC | O_CREAT, 0600);
> + fd = open(opts.pidfile, O_WRONLY | O_EXCL | O_CREAT, 0600);
> if (fd == -1) {
> pr_perror("Can't open %s", opts.pidfile);
> return -1;
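Review bot: In write_pidfile(), the failure path after the new open() still reports only "Can't open %s", so a stale pidfile left by an earlier run now shows up as a generic open error. Consider a dedicated message for errno == EEXIST saying that the --pidfile path must not already exist, and document that restore now refuses an existing pidfile. Dropping O_TRUNC is fine, since O_EXCL together with O_CREAT only succeeds on a newly created file.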
> diff --git a/test/zdtm.sh b/test/zdtm.sh
> index 5d03ecc..d247b22 100755
> --- a/test/zdtm.sh
> +++ b/test/zdtm.sh
> @@ -638,6 +638,9 @@ EOF
> "${test}.hook" --pre-restore || return 2
> fi
>
> + # Restore fails if --pidfile exists, so remove it.
> + rm -f $TPID || true
> +
> echo Restore
> setsid $CRIU restore -D $ddump -o restore.log -v4 -d $gen_args || return 2
>
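Review bot: In the added `rm -f $TPID || true`, $TPID is unquoted and the `|| true` hides a removal that genuinely failed, in which case the restore below fails on the existing pidfile with a less obvious cause. Suggest `rm -f "$TPID"` and letting a failure return the way the neighbouring steps do (`|| return 2`).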
> --
> 1.9.1
>
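The open() behaviour the patch relies on, as an added example that is not part of the original message or of CRIU's code: with O_CREAT, O_EXCL refuses both a pre-existing file and a pre-planted symlink, so the pidfile is only ever one the restoring process created itself. The names write_pidfile_excl and demo, the /tmp path and the pid 1234 are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not CRIU code): 0 on success, -1 with errno set. */
int write_pidfile_excl(const char *path, int pid)
{
	char buf[32];
	int fd, len, saved;
	/* With O_CREAT, O_EXCL fails with EEXIST if path exists, even as a symlink. */
	fd = open(path, O_WRONLY | O_EXCL | O_CREAT, 0600);
	if (fd == -1)
		return -1;
	len = snprintf(buf, sizeof(buf), "%d\n", pid);
	if (write(fd, buf, len) != len) {
		saved = errno;
		close(fd);
		unlink(path); /* do not leave a partial pidfile behind */
		errno = saved;
		return -1;
	}
	return close(fd);
}

/* Constructed scenario in a private temp dir; returns a bitmask of checks that held. */
int demo(void)
{
	char dir[] = "/tmp/pidfile-demo-XXXXXX", pidfile[64], target[64];
	int ok = 0;
	if (!mkdtemp(dir))
		return -1;
	snprintf(pidfile, sizeof(pidfile), "%s/restore.pid", dir);
	snprintf(target, sizeof(target), "%s/target", dir);
	if (write_pidfile_excl(pidfile, 1234) == 0)
		ok |= 1; /* fresh path: created */
	if (write_pidfile_excl(pidfile, 1234) == -1 && errno == EEXIST)
		ok |= 2; /* pre-existing file: refused, not truncated */
	unlink(pidfile);
	if (symlink(target, pidfile) == 0 && write_pidfile_excl(pidfile, 1234) == -1 &&
	    errno == EEXIST && access(target, F_OK) == -1)
		ok |= 4; /* pre-planted dangling symlink: refused, target not created */
	unlink(pidfile);
	rmdir(dir);
	return ok;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```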