[CRIU] [PATCH 0/2] security: set and check imgs owner, group and mode, v2
Ruslan Kuprieiev
kupruser at gmail.com
Mon Sep 15 07:09:07 PDT 2014
Sorry about the date on my latest emails, I didn't notice that the date on my VM
is corrupted.
On 15.09.2014 08:50, Ruslan Kuprieiev wrote:
> Currently, criu images are created with rw-rw-r-- mode. When CRIU is
> used by non-root with suid bit set, images are created with owner=root but
> group=user group. So, let's set fs gid to root. When reading
> images, let's check img mode, owner and group to be sure that the img wasn't
> modified by an unprivileged user. Root, in his turn, can use any images.
>
> Ruslan Kuprieiev (2):
>   security: set fs gid to 0 and check img ids and mode when reading
>   test: security: test that non-root can't restore images with wrong ids or mode
>
> image.c | 7 +++++++
> include/crtools.h | 1 +
> security.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> test/security/run.sh | 34 +++++++++++++++++++++++++++++++++
> 4 files changed, 95 insertions(+)
>
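
The check the cover letter describes (verify an image's owner, group and mode before a non-root caller restores from it), as an added example that is not code from this patch series or from CRIU. The function names and the exact policy (regular file, owned by root:root, not world-writable) are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy, not taken from the patch: a non-root caller may only use
 * a regular file owned by root:root that "other" cannot write. */
int img_stat_trusted(const struct stat *st, uid_t ruid)
{
	if (ruid == 0)
		return 1;          /* root can use any images */
	if (!S_ISREG(st->st_mode))
		return 0;
	if (st->st_uid != 0 || st->st_gid != 0)
		return 0;          /* owner or group is not root */
	if (st->st_mode & S_IWOTH)
		return 0;          /* writable by everyone */
	return 1;
}

/* Open first, then fstat() the descriptor, so the file that was checked
 * is the file that is read (no gap between the check and the open). */
int open_trusted_img(const char *path, uid_t ruid)
{
	struct stat st;
	int fd = open(path, O_RDONLY | O_CLOEXEC);

	if (fd < 0)
		return -1;
	if (fstat(fd, &st) < 0 || !img_stat_trusted(&st, ruid)) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Under a suid-root binary the real uid is still the invoking user. */
int main(int argc, char **argv)
{
	int fd = argc > 1 ? open_trusted_img(argv[1], getuid()) : -1;

	printf("%s\n", fd >= 0 ? "image accepted" : "image rejected");
	if (fd >= 0)
		close(fd);
	return fd >= 0 ? 0 : 1;
}
```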