- Fix Shared Memory World Writeable,

  reported by X41 D-Sec.

diff --git a/doc/Changelog b/doc/Changelog
index fb44011f037cb0c66aba458126cb559e0655a39c..031e753017672e6918d2b4e4249c3b290ea31cd6 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
          reported by X41 D-Sec.
        - Fix Race Condition in autr_tp_create(),
          reported by X41 D-Sec.
+       - Fix Shared Memory World Writeable,
+         reported by X41 D-Sec.
 
 19 November 2019: Wouter
        - Fix CVE-2019-18934, shell execution in ipsecmod.

diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c
index 374dd7fd85f454dd50fff1123f481fbec6688d74..46a71510fea3263c03cdbabaa2ebe818a3b5ef42 100644 (file)
--- a/util/shm_side/shm_main.c
+++ b/util/shm_side/shm_main.c
@@ -121,7 +121,7 @@ int shm_main_init(struct daemon* daemon)
                shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL);
 
        /* SHM: Create the segment */
-       daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666);
+       daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0644);
 
        if (daemon->shm_info->id_ctl < 0)
        {
@@ -134,7 +134,7 @@ int shm_main_init(struct daemon* daemon)
                return 0;
        }
 
-       daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666);
+       daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0644);
 
        if (daemon->shm_info->id_arr < 0)
        {