This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH][BZ #15763][BZ #14752] Restrict shm_open and shm_unlink to SHMDIR.
- From: Florian Weimer <fweimer at redhat dot com>
- To: OndÅej BÃlka <neleai at seznam dot cz>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 23 Oct 2013 20:18:09 +0200
- Subject: Re: [PATCH][BZ #15763][BZ #14752] Restrict shm_open and shm_unlink to SHMDIR.
- Authentication-results: sourceware.org; auth=none
- References: <20131015073738 dot GA32465 at domone dot podge> <5264FB77 dot 7090400 at redhat dot com> <20131023124140 dot GA5434 at domone dot podge>
On 10/23/2013 02:41 PM, OndÅej BÃlka wrote:
Sorry, I missed the NAME_MAX reference. I don't think it's guarantueed
to be available. I see that it's desirable to have some upper bound to
avoid alloca issues. Not sure if it's okay to put in some arbitrary
constant (1024 would be fine in my book).
+ fd = shm_open ("/../escaped", O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600);
This could use /../../../../../../../tmp/escaped so that the test works
as root as well. You could also supply O_NOFOLLOW and fail the test if
the error is EEXIST.
Florian Weimer / Red Hat Product Security Team