Re: [PATCH] shmtcl SHM_LOCK perms

From: Chris Wright
Date: Tue Nov 30 2004 - 15:58:56 EST

Next message: Jan Engelhardt: "Re: Misleading error message"
Previous message: Linus Torvalds: "Re: [RFC] Splitting kernel headers and deprecating __KERNEL__"
In reply to: Hugh Dickins: "[PATCH] shmtcl SHM_LOCK perms"
Next in thread: Hugh Dickins: "Re: [PATCH] shmtcl SHM_LOCK perms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Hugh Dickins (hugh@xxxxxxxxxxx) wrote:
> Michael Kerrisk has observed that at present any process can SHM_LOCK
> any shm segment of size within process RLIMIT_MEMLOCK, despite having no
> permissions on the segment: surprising, though not obviously evil. And
> any process can SHM_UNLOCK any shm segment, despite no permissions on it:
> that is surely wrong.

You may be neither the owner, nor the creator of a segment but have read
access to it. In which case you could simply copy the contents of the
segment anywhere you like, which has similar effect to SHM_UNLOCK from
the point of view of paging out sensitive data.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan Engelhardt: "Re: Misleading error message"
Previous message: Linus Torvalds: "Re: [RFC] Splitting kernel headers and deprecating __KERNEL__"
In reply to: Hugh Dickins: "[PATCH] shmtcl SHM_LOCK perms"
Next in thread: Hugh Dickins: "Re: [PATCH] shmtcl SHM_LOCK perms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]