Doing things this way will break certain use cases, such as checkpointing a setuid program which has since dropped its privileges, but there is probably no way to make that case work securely for unprivileged users.

The problem with restoring a setuid program is that users might be able to modify the serialized state. Why not use a MAC to authenticate the saved state? Administrators would need to provide a secret key not visible to ordinary users, of course, but that would be trivial to provide via a sysctl.
On the other hand, it seems like it'd be possible to implement this authenticated-checkpoint functionality from userspace by asking a privileged process to do the checkpointing and restoration on behalf of an ordinary user.
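The authenticated-checkpoint idea from the comment above, worked through as an added example (this is not code from LWN, from the commenter, or from the kernel checkpoint/restart patches under discussion): a privileged checkpointer seals the serialized state with HMAC-SHA256 under a key that ordinary users cannot read, and the restore path refuses any image whose tag fails to verify. The key, the state fields and the JSON encoding are constructed for the example; the comment's sysctl-based key distribution is assumed rather than implemented.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# Constructed secret for the example. In the commenter's scheme this key would
# be held by the kernel (or a privileged checkpointer) and never be readable by
# an ordinary user; it is hard-coded here only so the example runs offline.
CHECKPOINT_KEY = b"example-checkpoint-key-not-for-real-use!"


def serialize_state(state: dict) -> bytes:
    # Canonical encoding: one state maps to exactly one byte string, so the
    # MAC is computed and verified over the same bytes on both sides.
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


def seal_checkpoint(state: dict, key: bytes = CHECKPOINT_KEY) -> bytes:
    """Privileged side: append HMAC-SHA256(key, state) to the serialized state."""
    data = serialize_state(state)
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return data + tag


def open_checkpoint(blob: bytes, key: bytes = CHECKPOINT_KEY):
    """Restore side: return the state dict only if the tag verifies, else None."""
    if len(blob) < TAG_LEN:
        return None  # too short to even carry a tag
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # compare_digest avoids leaking the mismatch position through timing.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(data)


def rewrite_saved_credentials(blob: bytes) -> bytes:
    """Simulate the modification the comment worries about: the owner of the
    checkpoint file edits the saved credentials of a setuid program that had
    dropped privileges, leaving the old tag in place."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    state = json.loads(data)
    state["euid"] = 0
    return serialize_state(state) + tag


# Constructed sample: a setuid-root program that has dropped to uid 1000.
SAMPLE_STATE = {"pid": 4242, "euid": 1000, "saved_uid": 0, "cwd": "/home/alice"}


def demo() -> dict:
    """Return what the restore path accepts or rejects for each image."""
    sealed = seal_checkpoint(SAMPLE_STATE)
    return {
        "genuine": open_checkpoint(sealed),
        "edited": open_checkpoint(rewrite_saved_credentials(sealed)),
        "wrong_key": open_checkpoint(sealed, key=b"some-other-key"),
        "truncated": open_checkpoint(sealed[:10]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'restored' if result else 'rejected'}")
```

The MAC stops an unprivileged user from forging or editing an image, which is the threat the comment raises. It does not by itself stop the same user from replaying an older, genuinely sealed image of the same program; a checkpointer that cares about that would include a per-image identifier or counter in the sealed state and have the restore path reject ones it has already consumed.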
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds