[CRIU] Hardening the criu service daemon
Ruslan Kuprieiev
kupruser at gmail.com
Fri Sep 11 06:17:28 PDT 2015
Hi,
On 11.09.15 16:06, Pavel Emelyanov wrote:
>> Are there any objections because the service daemon is seen as an
>> >important feature or is it okay to be removed?
> I'm OK with it.
>
> I would even suggest deprecating the service as a whole, but before doing
> this we should implement the "self dump" facility via swrk and then audit
> the swrk mode for not be subject to the same cves.
>
> -- Pavel
Why deprecating it at all? Isn't it much more secure to let users use
service socket instead of giving them a suid-ed binary?
Thanks,
Ruslan
More information about the CRIU
mailing list