Security Issue - metafile opens files as root user

[ronalchn]

Metafile is opened with root privileges. Writing the metadata to an arbitrary file can cause system instability.

Without the fix in #1, this can also be used for privilege escalation attacks.

Being allowed to execute isolate (with setsuid flag) is equivalent to granting root access, because it allows writing to arbitrary system files. Such system files could include writing a cronjob script which grants root access.

https://github.com/ronalchn/isolate-cheater demonstrates a script which can write "adduser user sudo" to a system cronjob script.

This defeats the purpose of the setsuid flag, which is supposed to be so that the user running isolate doesn't need full root access.

[ronalchn]

Added issue #1 commits to this issue.

[ronalchn]

Rebased commits on older commits before merging into newer commits, since these have not been merged yet.

For those using an old version of isolate, without the changes in cgroup controllers, the rebase means that they can pull https://github.com/NZOI/moe-cms/tree/isolate.metafile.patch to get commit 981f9da without losing cgroup compatibility.

This branch (isolate.open.metafile.permissions) is the same isolate.metafile.patch + a merge commit.

It might also prevent future merge conflicts if the forks get re-merged.