[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87tzayh27r.wl%peter@chubb.wattle.id.au>
Date: Mon, 27 Oct 2008 19:27:52 +1100
From: Peter Chubb <peterc@...ato.unsw.edu.au>
To: Oren Laadan <orenl@...columbia.edu>
Cc: "Serge E. Hallyn" <serue@...ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
torvalds@...ux-foundation.org,
containers@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
linux-api@...r.kernel.org, tglx@...utronix.de,
dave@...ux.vnet.ibm.com, mingo@...e.hu, hpa@...or.com,
viro@...iv.linux.org.uk
Subject: Re: [RFC v7][PATCH 2/9] General infrastructure for checkpoint restart
>>>>> "Oren" == Oren Laadan <orenl@...columbia.edu> writes:
Oren> Nope, since we will fail to restart in many cases. We will need
Oren> a way to move from caller's credentials to saved credentials,
Oren> and even from caller's credentials to privileged credentials
Oren> (e.g. to reopen a file that was created by a setuid program
Oren> prior to dropping privileges).
You can't necessarily tell the difference between this and revocation
of privilege. For most security models, it must be possible to change
the permissions on the file, and then the restart should fail.
In our implementation, we simply refused to checkpoint setid programs.
--
Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au ERTOS within National ICT Australia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists