Date: Mon, 18 Dec 2017 16:27:02 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: overly broad IPC details sharing on Linux Kernel? Hi, spotted by one of our customers... shmctl(id, IPC_STAT, &buf) returns the STAT information _only_ if the calling user has read-access to the "id" shared memory segment. However, the proc entries in /proc/sysvipc/shm return the entries for all users shared memory segments, even if there is no read permission. There is a bit of information leakage in the access times, but I currently do not see any direct exploitability. Regardless ... should the /proc/sysvipc/* files be restricted? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.