On Mon, Dec 12, 2011 at 04:49:38PM -0500, KOSAKI Motohiro wrote:

Hi
When we restore a task we need to set up text, data and data
heap sizes from userspace to the values a task had at
checkpoint time. This patch adds auxiliary prctl codes for that.
While most of them have a statistical nature (their values
are involved in the calculation of /proc/<pid>/statm output)
the start_brk and brk values are used to compute an allowed
size of program data segment expansion. Which means arbitrary
changes of these values might be a dangerous operation. So to restrict
access the following requirements apply to prctl calls:
- The process has to have CAP_SYS_ADMIN capability granted.

This is a very dangerous feature and useless for regular admins.

Except the brk() call I don't see where it might be extremely
dangerous at the moment, but indeed it might become very dangerous
once the code grows. Still, if an evil-minded person got CAP_SYS_ADMIN,
these prctls are the least thing one should care about.

Moreover, CAP_SYS_ADMIN has pretty overweight meanings and
we can't disable it in practice. So, I have a question. Why
don't you make a new capability for checkpoint?

It's not a problem to introduce CAP_CHECKPOINT_RESTORE, but
would it be accepted? I mean, are we fine with introducing a new
capability? If yes -- I'll add a new one and rebase the patch.