diff --git a/cr-restore.c b/cr-restore.c
index 3debcbe44..8c7389ce0 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -1957,6 +1957,9 @@ static int prepare_creds(int pid, struct task_restore_core_args *args)
 return -1;
 }
+ if (!may_restore_uid(ce->uid))
+ return -1;
+
 args->creds = *ce;
 args->creds.cap_inh = args->cap_inh;
 memcpy(args->cap_inh, ce->cap_inh, sizeof(args->cap_inh));
diff --git a/crtools.c b/crtools.c
index ebab0521c..10d6d204d 100644
--- a/crtools.c
+++ b/crtools.c
@@ -72,6 +72,7 @@ int main(int argc, char *argv[])
 BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);
 cr_pb_init();
+ restrict_uid(getuid());
 if (argc < 2)
 goto usage;
diff --git a/include/crtools.h b/include/crtools.h
index 8f84f94db..ca4dbbb0e 100644
--- a/include/crtools.h
+++ b/include/crtools.h
@@ -210,5 +210,6 @@ static inline bool pid_rst_prio(unsigned pid_a, unsigned pid_b)
 void restrict_uid(unsigned int uid);
 bool may_dump_uid(unsigned int uid);
+bool may_restore_uid(unsigned int uid);
 #endif /* __CR_CRTOOLS_H__ */
diff --git a/security.c b/security.c
index caf9dda2a..8f2a01d21 100644
--- a/security.c
+++ b/security.c
@@ -2,7 +2,7 @@
 #include "crtools.h"
 #include "log.h"
-static unsigned int dumper_uid = 0;
+static unsigned int cr_uid; /* UID which user can C/R */
 /*
 * Setup what user is requesting for dump (via rpc or using
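Review bot: In cr-restore.c `prepare_creds()`, the new check compares only `ce->uid` with the permitted uid, yet the following context lines copy the whole entry (`args->creds = *ce;`) and the inheritable capability set from the image into the restore arguments. When criu runs with more privilege than the requesting user, an entry whose real uid matches but whose other ids or capability sets are broader would still be accepted; which other id fields the entry carries is not visible here, so confirm against the creds definition. Consider handing the whole entry `ce` to the check instead of one field, so every id is compared with the permitted uid and capability bits the caller does not hold are refused. The body of `prepare_creds()` starts and ends outside this hunk.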
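Review bot: In crtools.c `main()`, `restrict_uid(getuid());` is added without a comment, although it is the line that sets the permission boundary for every later dump and restore. A short comment would help, e.g. `/* Real (not effective) uid: C/R stays limited to the invoking user's tasks even if criu runs with elevated privileges */`; the elevated-privilege use case is inferred from the truncated comment in security.c and should be confirmed. It is also worth stating there that the call must stay ahead of any C/R work, since `cr_uid` is 0 until it runs and 0 is treated as unrestricted. `main()` continues outside the hunk.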
@@ -14,16 +14,33 @@ static unsigned int dumper_uid = 0;
 void restrict_uid(unsigned int uid)
 {
 pr_info("Restrict C/R with %u uid\n", uid);
- dumper_uid = uid;
+ cr_uid = uid;
+}
+
+static bool check_uid(unsigned int uid)
+{
+ if (cr_uid == 0)
+ return true;
+ if (cr_uid == uid)
+ return true;
+
+ return false;
 }
 bool may_dump_uid(unsigned int uid)
 {
- if (dumper_uid == 0)
- return true;
- if (dumper_uid == uid)
+ if (check_uid(uid))
 return true;
- pr_err("UID (%u) != dumper's UID(%u)\n", uid, dumper_uid);
+ pr_err("UID (%u) != dumper's UID(%u)\n", uid, cr_uid);
+ return false;
+}
+
+bool may_restore_uid(unsigned int uid)
+{
+ if (check_uid(uid))
+ return true;
+
+ pr_err("UID (%u) != restorer's UID(%u)\n", uid, cr_uid);
 return false;
 }
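Review bot: In security.c `check_uid()`, `cr_uid == 0` stands for both "the caller is root" and "`restrict_uid()` has not been called yet", because `cr_uid` is a zero-initialised static; any path that reaches `may_dump_uid()` or `may_restore_uid()` before `restrict_uid()` is therefore allowed through. At minimum, document this above the function, e.g. `/* cr_uid == 0: root, or restrict_uid() not called yet -- no restriction applies */`. A stricter option is a separate `static bool cr_uid_set;` that `restrict_uid()` sets and `check_uid()` tests first, so the unset state denies rather than allows.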