Cryptography to the rescue!

Posted Feb 25, 2010 16:33 UTC (Thu) by hallyn (subscriber, #22558)
In reply to: Cryptography to the rescue! by quotemstr
Parent article: A Checkpoint/restart update

Indeed we definitely intend to exploit the TPM, and have it sign valid
checkpoint images.

As for using MAC, you can certainly set up an assured pipeline using
SELinux policy to make sure that no one can modify a checkpoint image,
and that /bin/restart runs in a domain which can only read valid
checkpoint images. Hmm, well, I suppose /bin/restart_wrapper would
only be able to open validated checkpoint images, then pass those in
to /bin/restart (restart itself will need to open all the files used
by the restarted program).

Finally, note that an unprivileged user can neither checkpoint nor
restart a setuid program. It can't checkpoint it because it will fail
the ptrace access checks, and can't restart it because sys_restart() will
try to do cred_setresuid() to an effective userid of 0 and fail (or open
a resource which the unprivileged user cannot access, and fail).
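
The wrapper arrangement sketched in the comment, as an added example that is not part of the comment or of the checkpoint/restart project: a restart_wrapper opens the image read-only, verifies a detached tag over the bytes behind that very descriptor, and only then hands the descriptor to restart, which never opens an image by path. The TPM signature is replaced by a keyed HMAC-SHA256 tag as a stand-in (an assumption), and the block assumes restart reads its image from stdin; all file names and the key are constructed.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile
from pathlib import Path

def mac_of_fd(fd: int, key: bytes) -> str:
    """Keyed hash of everything behind fd, then rewind so the consumer starts at 0."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    while chunk := os.read(fd, 65536):
        h.update(chunk)
    os.lseek(fd, 0, os.SEEK_SET)
    return h.hexdigest()

def open_validated(image_path, key: bytes) -> int:
    """Verify the bytes behind the descriptor we hand over, not a path that could be swapped."""
    with open(f"{image_path}.sig") as f:
        expected = f.read().strip()      # stand-in for a TPM-signed tag (assumption)
    fd = os.open(image_path, os.O_RDONLY)
    if hmac.compare_digest(mac_of_fd(fd, key), expected):
        return fd
    os.close(fd)
    raise PermissionError(f"{image_path}: tag mismatch, refusing to restart")

def run_restart(image_path, key: bytes, restart_bin: str = "/bin/restart") -> int:
    """Only the wrapper opens images; restart gets the verified fd on stdin (assumed interface)."""
    fd = open_validated(image_path, key)
    try:
        return subprocess.call([restart_bin], stdin=fd)
    finally:
        os.close(fd)

def selftest() -> bool:
    """Constructed image: must be accepted while intact and rejected once a byte is appended."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as d:
        img = Path(d, "ckpt.img")
        img.write_bytes(b"constructed checkpoint image bytes")
        fd = os.open(img, os.O_RDONLY)  # signing step, stand-in for the TPM
        Path(f"{img}.sig").write_text(mac_of_fd(fd, key))
        os.close(fd)
        os.close(open_validated(img, key))          # intact image opens fine
        img.write_bytes(img.read_bytes() + b"x")    # tamper with the image
        try:
            os.close(open_validated(img, key))
        except PermissionError:
            return True
        return False
```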


Copyright © 2013, Eklektix, Inc.