[CRIU] [PATCH] files-reg: fix /proc/<pid>/* ownership for linkat restore
Pavel Emelyanov
xemul at parallels.com
Fri Dec 18 04:23:48 PST 2015
On 12/17/2015 10:36 PM, Andrey Wagin wrote:
> 2015-12-17 16:28 GMT+03:00 Dmitry Safonov <dsafonov at odin.com>:
>> On 12/17/2015 03:58 PM, Pavel Emelyanov wrote:
>>>
>>> On 12/17/2015 03:25 PM, Dmitry Safonov wrote:
>>>>
>>>> After linkat_hard with setfsuid permissions of files in
>>>> /proc/<pid>/* changes to root because of pid_getattr @ fs/proc/base.c
>>>> will fail to check has_pid_permissions() in ptrace_may_access()
>>>
>>> Wait, the __ptrace_may_access starts with
>>>
>>> if (same_thread_group(task, current))
>>> return 0;
>>>
>>> so writing to self is always granted.
>>
>> Seems so, will check it.
>
> The dumpable flag is checked in proc_pid_make_inode
> if (task_dumpable(task)) {
> rcu_read_lock();
> cred = __task_cred(task);
> inode->i_uid = cred->euid;
> inode->i_gid = cred->egid;
> rcu_read_unlock();
> }
OK, so the right comment to this patch is -- the proc inode istelf
is created (and revalidated) with uid/gid being not task's and generic
vfs permission checks fail.
OK then, but plz, fix the patch -- restore of dumpable flag should go
only when the setfsuid() is done and (!) there should be a good code
comment describing why this is done.
-- Pavel
More information about the CRIU
mailing list