[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] overly broad IPC details sharing on Linux Kernel?
From: Marcus Meissner <meissner () suse ! de>
Date: 2017-12-18 15:27:02
Message-ID: 20171218152702.GD30706 () suse ! de
[Download RAW message or body]
Hi,
spotted by one of our customers...
shmctl(id, IPC_STAT, &buf)
returns the STAT information _only_ if the calling user has read-access to the "id" shared memory segment.
However, the proc entries in /proc/sysvipc/shm return the entries for all users shared memory segments,
even if there is no read permission.
There is a bit of information leakage in the access times, but I currently do not see
any direct exploitability.
Regardless ... should the /proc/sysvipc/* files be restricted?
Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic