mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-09-01 14:55:39 +00:00
Code Issues Releases Wiki Activity

restore: open the pidfile with O_EXCL

Browse Source 
There is a potential attack here where if someone is restoring something and
criu write the pid to a file the attacker controls, the attacker can then
re-write that to whatever pid they want. ciru should instead open the file with
O_EXCL so that the restore fails if the file exists.

We don't need O_TRUNC here since we're O_EXCL-ing the file.

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This commit is contained in:
Tycho Andersen
2014-09-02 18:57:00 +04:00
committed by Pavel Emelyanov
parent d6f09cd35c
commit ae3cb4fb1f
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
log.c
View File

@@ -185,7 +185,7 @@ int write_pidfile(int pid)
{ {
int fd; int fd;
fd = open(opts.pidfile, O_WRONLY | O_TRUNC | O_CREAT, 0600); fd = open(opts.pidfile, O_WRONLY | O_EXCL | O_CREAT, 0600);
if (fd == -1) { if (fd == -1) {
pr_perror("Can't open %s", opts.pidfile); pr_perror("Can't open %s", opts.pidfile);
return -1; return -1;

3
test/zdtm.sh
View File

@@ -638,6 +638,9 @@ EOF
"${test}.hook" --pre-restore || return 2 "${test}.hook" --pre-restore || return 2
fi fi
# Restore fails if --pidfile exists, so remove it.
rm -f $TPID || true
echo Restore echo Restore
setsid $CRIU restore -D $ddump -o restore.log -v4 -d $gen_args || return 2 setsid $CRIU restore -D $ddump -o restore.log -v4 -d $gen_args || return 2