[CRIU] [PATCH 0/2] security: set and check imgs owner, group and mode

Ruslan Kuprieiev kupruser at gmail.com
Sat Sep 13 03:12:34 PDT 2014


Currently, criu images are created with rw-rw-r-- mode. When CRIU is
used by non-root with suid bit set, img owner is root but img group is
user group. So, let's set img owner and group excessively. When reading
images, let's check img mode, owner and group to be sure that img wasn't
modified by an unprivileged user. Root, in his turn, can use any images.

Ruslan Kuprieiev (2):
  security: chown images to 0,0 when creating, and check owner, group and mode when reading
  test: security: test that non-root can't restore images with wrong ids or mode

 image.c              | 12 ++++++++++++
 include/crtools.h    |  1 +
 security.c           | 43 +++++++++++++++++++++++++++++++++++++++++++
 test/security/run.sh | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 90 insertions(+)

-- 
1.9.3


