Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 18 Dec 2017 16:27:02 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: overly broad IPC details sharing on Linux Kernel?

Hi,

spotted by one of our customers...

shmctl(id, IPC_STAT, &buf)

returns the STAT information _only_ if the calling user has read-access to the "id" shared memory segment.

However, the proc entries in /proc/sysvipc/shm  return the entries for all users shared memory segments,
even if there is no read permission.

There is a bit of information leakage in the access times, but I currently do not see
any direct exploitability.

Regardless ... should the /proc/sysvipc/* files be restricted?

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.