[CRIU] [PATCH] security: change CR_FD_PERM from rw-rw-r-- to rw-r--r--

Ruslan Kuprieiev kupruser at gmail.com
Tue Sep 16 02:34:15 PDT 2014


This makes only root able to modify images by default.
When using criu with the suid bit set, the group of the images is set
to the user group, which is not safe, considering the current CR_FD_PERM.

Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
 include/crtools.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/crtools.h b/include/crtools.h
index 75047fc..a51886e 100644
--- a/include/crtools.h
+++ b/include/crtools.h
@@ -7,7 +7,7 @@
 #include "asm/types.h"
 #include "servicefd.h"
 
-#define CR_FD_PERM		(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH)
+#define CR_FD_PERM		(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
 
 extern int check_img_inventory(void);
 extern int write_img_inventory(void);
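Review bot: the new CR_FD_PERM on the + line still carries S_IRGRP and S_IROTH, so the images remain readable by the user group and by everyone else, while the commit message only addresses who may modify them. If the images can hold data from the dumped process that should not be visible to other users, consider reducing the default to (S_IRUSR | S_IWUSR), or say in the commit message why group and other read access has to stay. A one-line comment above the define recording that group write was dropped because of the suid case would also keep the bit from being added back later.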
-- 
1.9.3


