reported by X41 D-Sec.
- Fix Shared Memory World Writeable,
reported by X41 D-Sec.
+ - Adjust unbound-control to make stats_shm a read only operation.
19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod.
if(!config_read(cfg, cfgfile, NULL))
fatal_exit("could not read config file");
/* get shm segments */
- id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W);
+ id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R);
if(id_ctl == -1) {
fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno));
}
- id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W);
+ id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R);
if(id_arr == -1) {
fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
}
- shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0);
+ shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY);
if(shm_stat == (void*)-1) {
fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
}
- stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0);
+ stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY);
if(stats == (void*)-1) {
fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
}
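Review bot: `shm_stat` and `stats` are still cast to non-const struct pointers at the two `shmat(..., SHM_RDONLY)` calls, so a later store through either pointer would compile cleanly and only fault at runtime on the read-only mapping. If the declarations can be changed (they are outside this hunk), const-qualify them and the casts, e.g. `shm_stat = (const struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY);`, so the compiler enforces the read-only contract. A short comment above the `shmget` calls would record the intent for future edits: `/* read-only: stats_shm must neither need nor use write access to the daemon's segments */`. The enclosing function starts before and continues after the hunk, so I could not check whether anything later writes through these pointers.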