Re: Further shmctl() SHM_LOCK strangeness

From: Rik van Riel
Date: Sat Nov 27 2004 - 02:15:18 EST

Next message: Ingo Molnar: "Re: [patch] Real-Time Preemption, -RT-2.6.10-rc2-mm3-V0.7.31-0"
Previous message: Norbert van Nobelen: "Is something wrong with the list?? Not receiving any messages since 10:55 GMT-1"
In reply to: Michael Kerrisk: "Re: Further shmctl() SHM_LOCK strangeness"
Next in thread: Michael Kerrisk: "Re: Further shmctl() SHM_LOCK strangeness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 25 Nov 2004, Michael Kerrisk wrote:

As noted by Hugh, the problem also applies for
SHM_UNLOCK: anyone can unlock any System V shared
memory segment. If our reason for locking memory
was security (no swapping), then this does allow
for exploits.

Good point. I guess that for SHM_UNLOCK operations
we need to check for either:

1) current->user is the same user who SHM_LOCKed the
segment in question

or

2) the process has the correct capabilities set

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [patch] Real-Time Preemption, -RT-2.6.10-rc2-mm3-V0.7.31-0"
Previous message: Norbert van Nobelen: "Is something wrong with the list?? Not receiving any messages since 10:55 GMT-1"
In reply to: Michael Kerrisk: "Re: Further shmctl() SHM_LOCK strangeness"
Next in thread: Michael Kerrisk: "Re: Further shmctl() SHM_LOCK strangeness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]