
List:       oss-security
Subject:    [oss-security] overly broad IPC details sharing on Linux Kernel?
From:       Marcus Meissner <meissner () suse ! de>
Date:       2017-12-18 15:27:02
Message-ID: 20171218152702.GD30706 () suse ! de

Hi,

spotted by one of our customers...

shmctl(id, IPC_STAT, &buf)

returns the STAT information _only_ if the calling user has read-access to the "id" shared memory segment.

However, the proc entries in /proc/sysvipc/shm return the entries for all users' shared memory segments,
even if there is no read permission.

There is a bit of information leakage in the access times, but I currently do not see
any direct exploitability.

Regardless ... should the /proc/sysvipc/* files be restricted?

Ciao, Marcus
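
A check for the mismatch described in the message, added here as an example and not part of the original post: it reads each row of /proc/sysvipc/shm and reports segments for which shmctl(IPC_STAT) returns EACCES to the same caller. The function names are hypothetical, and the column order (key, shmid, perms, size, cpid, lpid, nattch, uid, gid, cuid, cgid, atime, dtime, ctime) is assumed from the file's own header line.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* One row of /proc/sysvipc/shm, columns key..ctime (assumed layout; the
 * trailing rss and swap columns are ignored). */
struct shm_row {
    int key, shmid;
    unsigned perms, cpid, lpid, uid, gid, cuid, cgid;
    unsigned long long size, nattch, atime, dtime, ctime;
};

/* Parse one line; returns 1 for a data row, 0 for the header or junk. */
int parse_shm_line(const char *line, struct shm_row *r)
{
    int n = sscanf(line, "%d %d %o %llu %u %u %llu %u %u %u %u %llu %llu %llu",
                   &r->key, &r->shmid, &r->perms, &r->size, &r->cpid,
                   &r->lpid, &r->nattch, &r->uid, &r->gid, &r->cuid,
                   &r->cgid, &r->atime, &r->dtime, &r->ctime);
    return n == 14;
}

/* Count rows that procfs shows although IPC_STAT is denied to this caller.
 * Returns -1 if the file cannot be opened. */
int count_denied_but_listed(const char *path)
{
    char line[512];
    int hits = 0;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        struct shm_row r;
        struct shmid_ds ds;
        if (!parse_shm_line(line, &r)) continue;
        if (shmctl(r.shmid, IPC_STAT, &ds) == -1 && errno == EACCES) {
            printf("shmid %d uid %u perms %o atime %llu: IPC_STAT denied\n",
                   r.shmid, r.uid, r.perms, r.atime);
            hits++;
        }
    }
    fclose(f);
    return hits;
}

int main(void)
{
    int n = count_denied_but_listed("/proc/sysvipc/shm");
    printf("%d segment(s) listed in procfs but denied by IPC_STAT\n", n);
    return n < 0;
}
```

Run it as an unprivileged user; a non-zero count means the proc file shows that user metadata that IPC_STAT refuses.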