[CRIU] Hardening the criu service daemon

Florian Weimer fweimer at redhat.com
Fri Sep 11 06:32:20 PDT 2015


On 09/11/2015 03:30 PM, Pavel Emelyanov wrote:
> On 09/11/2015 04:23 PM, Florian Weimer wrote:
>> On 09/11/2015 03:17 PM, Ruslan Kuprieiev wrote:
>>> Hi,
>>>
>>> On 11.09.15 16:06, Pavel Emelyanov wrote:
>>>>> Are there any objections because the service daemon is seen as an
>>>>>> important feature or is it okay to be removed?
>>>> I'm OK with it.
>>>>
>>>> I would even suggest deprecating the service as a whole, but before doing
>>>> this we should implement the "self dump" facility via swrk and then audit
>>>> the swrk mode for not be subject to the same cves.
>>>>
>>>> -- Pavel
>>> Why deprecating it at all? Isn't it much more secure to let users use
>>> service socket instead of giving them a suid-ed binary?
>>
>> Currently, both are equally insecure.  Making the binary SUID isn't even
>> documented, as far as I know.
> 
> It is at the http://criu.org/Security page. Probably not as good as it could be,
> but still it's there.

Oh, a half-sentence at the start of the page.  So is the intent that
SUID installation of the criu binary is supported?  I suspect there
would be some additional vulnerabilities in this mode.

-- 
Florian Weimer / Red Hat Product Security


More information about the CRIU mailing list