Return-Path: <linux-kernel-owner+w=401wt.eu-S1753298AbYJ0I2t@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753298AbYJ0I2t (ORCPT <rfc822;w@1wt.eu>);
	Mon, 27 Oct 2008 04:28:49 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752056AbYJ0I2m
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Mon, 27 Oct 2008 04:28:42 -0400
Received: from lemon.ertos.nicta.com.au ([203.143.174.143]:35658 "EHLO
	lemon.gelato.unsw.edu.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751116AbYJ0I2l (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 27 Oct 2008 04:28:41 -0400
Date: Mon, 27 Oct 2008 19:27:52 +1100
Message-ID: <87tzayh27r.wl%peter@chubb.wattle.id.au>
From: Peter Chubb <peterc@gelato.unsw.edu.au>
To: Oren Laadan <orenl@cs.columbia.edu>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
       Andrew Morton <akpm@linux-foundation.org>,
       torvalds@linux-foundation.org, containers@lists.linux-foundation.org,
       linux-kernel@vger.kernel.org, linux-mm@kvack.org,
       linux-api@vger.kernel.org, tglx@linutronix.de, dave@linux.vnet.ibm.com,
       mingo@elte.hu, hpa@zytor.com, viro@zeniv.linux.org.uk
In-Reply-To: <48FF4EB2.5060206@cs.columbia.edu>
References: <1224481237-4892-1-git-send-email-orenl@cs.columbia.edu>
	<1224481237-4892-3-git-send-email-orenl@cs.columbia.edu>
	<20081021124130.a002e838.akpm@linux-foundation.org>
	<20081021202410.GA10423@us.ibm.com>
	<48FE82DF.6030005@cs.columbia.edu>
	<20081022152804.GA23821@us.ibm.com>
	<48FF4EB2.5060206@cs.columbia.edu>
User-Agent: Wanderlust/2.15.6 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.7 MULE XEmacs/21.4 (patch 21)
 (Educational Television) (i486-linux-gnu)
Organization: Gelato@UNSW
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
X-SA-Exim-Connect-IP: 220.237.0.198
X-SA-Exim-Mail-From: peterc@gelato.unsw.edu.au
Subject: Re: [RFC v7][PATCH 2/9] General infrastructure for checkpoint	restart
X-SA-Exim-Version: 4.2.1 (built Wed, 25 Jun 2008 17:20:11 +0000)
X-SA-Exim-Scanned: Yes (on lemon.gelato.unsw.edu.au)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1047
Lines: 22

>>>>> "Oren" == Oren Laadan <orenl@cs.columbia.edu> writes:


Oren> Nope, since we will fail to restart in many cases. We will need
Oren> a way to move from caller's credentials to saved credentials,
Oren> and even from caller's credentials to privileged credentials
Oren> (e.g. to reopen a file that was created by a setuid program
Oren> prior to dropping privileges).

You can't necessarily tell the difference between this and revocation
of privilege.  For most security models, it must be possible to change
the permissions on the file, and then the restart should fail.

In our implementation, we simply refused to checkpoint setid programs.
--
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au           ERTOS within National ICT Australia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/