[CRIU] [PATCH] files-reg: fix /proc/<pid>/* ownership for linkat restore

Pavel Emelyanov xemul at parallels.com
Fri Dec 18 04:23:48 PST 2015


On 12/17/2015 10:36 PM, Andrey Wagin wrote:
> 2015-12-17 16:28 GMT+03:00 Dmitry Safonov <dsafonov at odin.com>:
>> On 12/17/2015 03:58 PM, Pavel Emelyanov wrote:
>>>
>>> On 12/17/2015 03:25 PM, Dmitry Safonov wrote:
>>>>
>>>> After linkat_hard with setfsuid permissions of files in
>>>> /proc/<pid>/* changes to root because of pid_getattr @ fs/proc/base.c
>>>> will fail to check has_pid_permissions() in ptrace_may_access()
>>>
>>> Wait, the  __ptrace_may_access starts with
>>>
>>>          if (same_thread_group(task, current))
>>>                  return 0;
>>>
>>> so writing to self is always granted.
>>
>> Seems so, will check it.
> 
> The dumpable flag is checked in proc_pid_make_inode
>         if (task_dumpable(task)) {
>                 rcu_read_lock();
>                 cred = __task_cred(task);
>                 inode->i_uid = cred->euid;
>                 inode->i_gid = cred->egid;
>                 rcu_read_unlock();
>         }

OK, so the right comment to this patch is -- the proc inode itself
is created (and revalidated) with uid/gid being not task's and generic
vfs permission checks fail.

OK then, but plz, fix the patch -- restore of dumpable flag should go
only when the setfsuid() is done and (!) there should be a good code
comment describing why this is done.

-- Pavel
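The mechanism under discussion, as an added example that is not part of the thread or of CRIU's code: a task whose dumpable flag is clear gets its /proc/<pid>/* inodes owned by root (proc_pid_make_inode / pid_revalidate), and setting dumpable back after the credential change is what restores the task's own euid/egid as owner. It assumes Linux with /proc mounted, and uses prctl(PR_SET_DUMPABLE, 0) to emulate the dumpable clear that a real cred change causes, because setfsuid() to a different uid needs CAP_SETUID.

```c
/* Added example, not CRIU's code. Assumes Linux with /proc mounted. */
#define _GNU_SOURCE
#include <assert.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Owner uid of /proc/self/status as the VFS currently reports it. */
static uid_t proc_self_owner(void)
{
    struct stat st;
    if (stat("/proc/self/status", &st) != 0)
        return (uid_t)-1;
    return st.st_uid;
}

/* Set the dumpable flag, then report who owns our /proc entries. */
static uid_t proc_owner_with_dumpable(int dumpable)
{
    if (prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0) != 0)
        return (uid_t)-1;
    return proc_self_owner();
}

/* The patched ordering: change fsuid first, then restore dumpable, so
 * proc_pid_make_inode()/pid_revalidate() assign cred->euid/egid again
 * instead of GLOBAL_ROOT_UID/GID. Returns 1 if /proc/self is ours. */
static int fsuid_change_keeps_proc_owner(uid_t fsuid)
{
    setfsuid(fsuid);               /* no-op without CAP_SETUID */
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return 0;
    return proc_self_owner() == getuid();
}

int main(void)
{
    printf("uid=%u dumpable=1 -> owner %u\n", getuid(),
           proc_owner_with_dumpable(1));
    printf("uid=%u dumpable=0 -> owner %u (root)\n", getuid(),
           proc_owner_with_dumpable(0));
    printf("setfsuid then restore dumpable -> ours: %d\n",
           fsuid_change_keeps_proc_owner(getuid()));
    return 0;
}
```

Run it as an unprivileged user to see the owner flip to 0 (or the overflow uid in a user namespace without a root mapping) while dumpable is clear.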


