[CRIU] Hardening the criu service daemon

Ruslan Kuprieiev kupruser at gmail.com
Fri Sep 11 06:17:28 PDT 2015


Hi,

On 11.09.15 16:06, Pavel Emelyanov wrote:
>> Are there any objections because the service daemon is seen as an
>> >important feature or is it okay to be removed?
> I'm OK with it.
>
> I would even suggest deprecating the service as a whole, but before doing
> this we should implement the "self dump" facility via swrk and then audit
> the swrk mode for not be subject to the same cves.
>
> -- Pavel
Why deprecating it at all? Isn't it much more secure to let users use
service socket instead of giving them a suid-ed binary?

Thanks,
Ruslan


More information about the CRIU mailing list