From: Oren Laadan <orenl@cs.columbia.edu>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
lkml <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.osdl.org>
Subject: Re: C/R review
Date: Wed, 18 Mar 2009 05:44:19 -0400 [thread overview]
Message-ID: <49C0C273.4070408@cs.columbia.edu> (raw)
In-Reply-To: <20090318004742.GA14308@us.ibm.com>
Serge E. Hallyn wrote:
> Quoting Alexey Dobriyan (adobriyan@gmail.com):
>>> +Keeping the restart procedure to operate within the limits of the
>>> +caller's credentials means that there various scenarios that cannot
>>> +be supported. For instance, a setuid program that opened a protected
>>> +log file and then dropped privileges will fail the restart, because
>>> +the user won't have enough credentials to reopen the file.
>> That's a bug.
>
> What is described is not a bug, but I think the way it is done is in
> fact a bug.
>
> Note that just because you *can* do the restart without privilege
> doesn't mean that you have to. If you do a restart with privilege,
> then you should be able to open that file, then drop down to the
> original task's uid.
>
> But to say that letting an unprivileged user do restart, and that
> it will only succeed if it can access the resources its allowed to
> access, is bogus.
>
> But I do think the way it's implemented will become buggy and needs to
> be fixed. That is, we do cr_read_task_struct() before we do
> cr_read_files(). So in fact if I'm root doing restart of such a
> checkpoint image, I'll first drop down to uid 500, then open the files.
>
> That would obviously be a bug.
>
> Now, we don't actually restore uids yet in the current code, so
> it's still a theoretical bug :)
Good point. And that's why uid's will be restored at the end :)
(when we get there ...)
Oren.
next prev parent reply other threads:[~2009-03-18 9:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-17 21:01 C/R review Alexey Dobriyan
2009-03-18 0:47 ` Serge E. Hallyn
2009-03-18 9:44 ` Oren Laadan [this message]
2009-03-18 10:19 ` Oren Laadan
2009-03-18 16:00 ` Dave Hansen
2009-03-18 17:53 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49C0C273.4070408@cs.columbia.edu \
--to=orenl@cs.columbia.edu \
--cc=adobriyan@gmail.com \
--cc=containers@lists.osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox