[CRIU] Hardening the criu service daemon

Florian Weimer fweimer at redhat.com
Fri Sep 11 06:20:49 PDT 2015


On 09/01/2015 01:23 PM, Pavel Emelyanov wrote:

>> You'd still need something stronger than a PID to attach to the process
>> (the requester process).
> 
> A /proc/pid/something file can be such. Once open()-ed it will pin the struct pid,
> so openat(that_fd, "path") will be able to access the original process safely.

It's still not clear to me how you can go from the incoming socket
connection to the correct process in a race-free manner.

-- 
Florian Weimer / Red Hat Product Security


More information about the CRIU mailing list