Cryptography to the rescue!
Posted Feb 25, 2010 16:23 UTC (Thu) by quotemstr
Parent article: A Checkpoint/restart update
Doing things this way will break certain use cases, such as checkpointing a setuid program which has since dropped its privileges, but there is probably no way to make that case work securely for unprivileged users.
The problem with restoring a setuid program is that users might be able to modify the serialized state. Why not use a MAC
to authenticate the saved state? Administrators would need to provide a secret key not visible to ordinary users, of course, but that would be trivial to provide via a sysctl.
On the other hand, it seems like it'd be possible to implement this authenticated-checkpoint functionality from userspace by asking a privileged process to do the checkpointing and restoration on behalf of an ordinary user.
to post comments)