Date: Mon, 18 Dec 2017 16:27:02 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: overly broad IPC details sharing on Linux Kernel? Hi, spotted by one of our customers... shmctl(id, IPC_STAT, &buf) returns the STAT information _only_ if the calling user has read-access to the "id" shared memory segment. However, the proc entries in /proc/sysvipc/shm return the entries for all users shared memory segments, even if there is no read permission. There is a bit of information leakage in the access times, but I currently do not see any direct exploitability. Regardless ... should the /proc/sysvipc/* files be restricted? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ