[CRIU] Hardening the criu service daemon

Cyrill Gorcunov gorcunov at gmail.com
Fri Sep 11 06:48:34 PDT 2015


On Fri, Sep 11, 2015 at 04:30:43PM +0300, Pavel Emelyanov wrote:
> > 
> > Currently, both are equally insecure.  Making the binary SUID isn't even
> > documented, as far as I know.
> 
> It is at the http://criu.org/Security page. Probably not as good as it could be,
> but still it's there.

Guys, I might be completely wrong but it seems our rpc mechanism
(while doing exactly what it been designed for) still missing one
of the key feature -- some kind of authentication and authorization.
Is there some well-known framework/library which could be used for
such purposes (including "talking" to the daemon via secure layer).
Or I'm completely out of topic?


More information about the CRIU mailing list