[CRIU] Hardening the criu service daemon

Adrian Reber adrian at lisas.de
Fri Sep 11 05:59:04 PDT 2015


On Tue, Aug 25, 2015 at 01:55:38PM +0200, Florian Weimer wrote:
[...]
> The service daemon currently has at least two sets of security issues:
> 
> * CVE-2015-5228
> https://bugzilla.redhat.com/show_bug.cgi?id=1255782
> 
> The service daemon writes to arbitrary places in the file system.  One
> file (criu.log) is even created with ownership matching that of the
> requesting process, which gives a fairly direct privilege escalation
> path to full root for any local user.  The dump files themselves have
> user-controlled contents, which can likely be exploited as well.
> 
> * CVE-2015-5231
> https://bugzilla.redhat.com/show_bug.cgi?id=1256728
> 
> The service daemon disregards security policies regarding non-dumpable
> processes.  This includes the kernel.yama.ptrace_scope=1 setting, but
> also prctl changes (or changes implied ).  Currently, the enforced
> security restriction is based on UID/GID matching, which is insufficient.

Pavel, as the service daemon is rather an unusual use case right now I
would like to remove the systemd files from Fedora's criu package.

Are there any objections because the service daemon is seen as an
important feature or is it okay to be removed?

		Adrian
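The two quoted reports describe checks a privileged dump service should perform before acting for an unprivileged client: a ptrace-style access decision that honours Yama and the dumpable flag instead of plain UID/GID matching, and log-file creation that cannot be steered to an arbitrary path or handed to the requester. The following is an added illustration written for this thread, not CRIU's own code. It assumes the daemon reads the target's credentials from `/proc/<pid>/status`, learns the Yama scope from `kernel.yama.ptrace_scope`, and infers the dumpable flag from the owner of `/proc/<pid>` (a heuristic, not a kernel API); the function names, the sample status text and the `criu.log` handling are all constructed for the example.

```python
import os

# Yama ptrace_scope values, as documented in the kernel's
# Documentation/admin-guide/LSM/Yama.rst.
YAMA_CLASSIC = 0      # classic ptrace permissions (uid/gid match + dumpable)
YAMA_RESTRICTED = 1   # only a descendant (or PR_SET_PTRACER-declared tracer) may attach
YAMA_ADMIN_ONLY = 2   # only CAP_SYS_PTRACE may attach
YAMA_NO_ATTACH = 3    # nobody may attach

# Constructed sample: a /proc/<pid>/status excerpt for an unprivileged process.
SAMPLE_STATUS = "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"


def parse_status(status_text):
    """Return (uids, gids) from the Uid:/Gid: lines of /proc/<pid>/status.
    Each tuple is (real, effective, saved, filesystem)."""
    uids = gids = None
    for line in status_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Uid:":
            uids = tuple(int(x) for x in fields[1:5])
        elif fields[0] == "Gid:":
            gids = tuple(int(x) for x in fields[1:5])
    if uids is None or gids is None or len(uids) != 4 or len(gids) != 4:
        raise ValueError("Uid:/Gid: lines missing from status")
    return uids, gids


def is_dumpable(target_uids, proc_dir_uid):
    """Heuristic (an assumption of this example, not a kernel interface):
    /proc/<pid> of a non-dumpable task is owned by root, so a task whose
    /proc directory owner differs from its effective uid has cleared its
    dumpable flag (for example via prctl(PR_SET_DUMPABLE, 0))."""
    return proc_dir_uid == target_uids[1]


def may_dump(requester_uid, requester_gid, requester_has_cap_sys_ptrace,
             target_uids, target_gids, target_dumpable, yama_scope):
    """Decide whether a dump request may proceed, in the spirit of the
    kernel's ptrace_may_access(): each of the target's uids and gids must
    equal the requester's, the target must be dumpable, and the Yama scope
    must allow a non-ancestor to attach. Returns (allowed, reason)."""
    if yama_scope >= YAMA_NO_ATTACH:
        return False, "yama: ptrace attach disabled system-wide"
    if requester_has_cap_sys_ptrace:
        return True, "requester holds CAP_SYS_PTRACE"
    if yama_scope == YAMA_ADMIN_ONLY:
        return False, "yama: only CAP_SYS_PTRACE may attach"
    if yama_scope == YAMA_RESTRICTED:
        # The daemon is never an ancestor of the client's target, and we
        # assume no PR_SET_PTRACER exception was declared for it.
        return False, "yama: ptrace_scope=1 forbids non-descendant attach"
    if any(u != requester_uid for u in target_uids):
        return False, "uid mismatch (real/effective/saved/fs must all match)"
    if any(g != requester_gid for g in target_gids):
        return False, "gid mismatch (real/effective/saved/fs must all match)"
    if not target_dumpable:
        return False, "target is not dumpable"
    return True, "classic ptrace check passed"


def open_dump_log(images_dir, requester_uid, name="criu.log"):
    """Create the log file inside images_dir for requester_uid without letting
    the request steer the write elsewhere: images_dir must be a real directory
    owned by the requester (no symlink), name must be a bare filename, and the
    file is created fresh (O_EXCL, O_NOFOLLOW) with mode 0600 and is never
    chowned to the requester. Returns an open file descriptor."""
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError("log name must be a bare filename")
    dirfd = os.open(images_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        if os.fstat(dirfd).st_uid != requester_uid:
            raise PermissionError("images directory is not owned by the requester")
        return os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                       0o600, dir_fd=dirfd)
    finally:
        os.close(dirfd)


if __name__ == "__main__":
    uids, gids = parse_status(SAMPLE_STATUS)
    for scope in (YAMA_CLASSIC, YAMA_RESTRICTED, YAMA_ADMIN_ONLY):
        print("ptrace_scope=%d:" % scope,
              may_dump(1000, 1000, False, uids, gids, True, scope))
    print("non-dumpable target:",
          may_dump(1000, 1000, False, uids, gids, is_dumpable(uids, 0), YAMA_CLASSIC))
```

With `ptrace_scope=1` the request is refused even though every uid and gid matches, which is the gap the second CVE describes; a target that dropped its dumpable flag is refused the same way. Opening the log relative to a directory descriptor with `O_EXCL | O_NOFOLLOW` and leaving ownership to the daemon means a pre-planted symlink or a path outside the images directory cannot turn the log into a root-owned write elsewhere.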

