[CRIU] Hardening the criu service daemon
Florian Weimer
fweimer at redhat.com
Fri Sep 11 06:20:49 PDT 2015
On 09/01/2015 01:23 PM, Pavel Emelyanov wrote:
>> You'd still need something stronger than a PID to attach to the process
>> (the requester process).
>
> A /proc/pid/something file can be such. Once open()-ed it will pin the struct pid,
> so openat(that_fd, "path") will be able to access the original process safely.
It's still not clear to me how you can go from the incoming socket
connection to the correct process in a race-free manner.
--
Florian Weimer / Red Hat Product Security
More information about the CRIU
mailing list