[CRIU] [PATCH 0/2] security: set and check imgs owner, group and mode
Ruslan Kuprieiev
kupruser at gmail.com
Sat Sep 13 03:12:34 PDT 2014
Currently, criu images are created with rw-rw-r-- mode. When CRIU is
used by non-root with suid bit set, img owner is root but img group is
user group. So, lets set img owner and group excessively. When reading
images, lets check img mode, owner and group to be sure, that img wasn't
modified by unpriviledged user. Root, in his turn, can use any images.
Ruslan Kuprieiev (2):
security: chown images to 0,0 when creating, and check owner, group and mode when reading
test: security: test that non-root can't restore images with wrong ids or mode
image.c | 12 ++++++++++++
include/crtools.h | 1 +
security.c | 43 +++++++++++++++++++++++++++++++++++++++++++
test/security/run.sh | 34 ++++++++++++++++++++++++++++++++++
4 files changed, 90 insertions(+)
--
1.9.3
More information about the CRIU
mailing list