[CRIU] [PATCH 0/2] security: set and check imgs owner, group and mode, v2

Ruslan Kuprieiev kupruser at gmail.com
Sun Sep 14 22:50:40 PDT 2014


Currently, criu images are created with rw-rw-r-- mode. When CRIU is
used by non-root with suid bit set, images are created with owner=root but
group=user group. So, let's set fs gid to root. When reading
images, let's check img mode, owner and group to be sure that the img wasn't
modified by an unprivileged user. Root, in turn, can use any images.

Ruslan Kuprieiev (2):
  security: set fs gid to 0 and check img ids and mode when reading
  test: security: test that non-root can't restore images with wrong ids or mode

 image.c              |  7 +++++++
 include/crtools.h    |  1 +
 security.c           | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/security/run.sh | 34 +++++++++++++++++++++++++++++++++
 4 files changed, 95 insertions(+)

-- 
1.9.3


