From: W.C.A. Wijngaards
Date: Wed, 20 Nov 2019 10:18:03 +0000 (+0100)
Subject: - Adjust unbound-control to make stats_shm a read only operation.
X-Git-Tag: release-1.9.6rc1~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e3da817c34f07330e9ecb77c6e7d683878eecf3;p=thirdparty%2Funbound.git
- Adjust unbound-control to make stats_shm a read only operation.
---
diff --git a/doc/Changelog b/doc/Changelog
index 031e75301..aa2c5df1c 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -5,6 +5,7 @@ reported by X41 D-Sec. - Fix Shared Memory World Writeable, reported by X41 D-Sec. + - Adjust unbound-control to make stats_shm a read only operation. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 20b4575c0..ed8bad1e9 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -423,19 +423,19 @@ static void print_stats_shm(const char* cfgfile)
 if(!config_read(cfg, cfgfile, NULL))
 fatal_exit("could not read config file");
 /* get shm segments */
- id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W);
+ id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R);
 if(id_ctl == -1) {
 fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno));
 }
- id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W);
+ id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R);
 if(id_arr == -1) {
 fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
 }
- shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0);
+ shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY);
 if(shm_stat == (void*)-1) {
 fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
 }
- stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0);
+ stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY);
 if(stats == (void*)-1) {
 fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
 }
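Review bot: The attach is now read-only, but nothing in the unbound-control.c hunk checks that the segments found by key are large enough for the structs they are cast to; both `shmget` calls pass `sizeof(int)`, which only requires the existing segment to be at least that big. If the rest of print_stats_shm (it continues outside this hunk) reads `shm_stat` and `stats` as full structures, a stale or foreign segment registered under the same key would be read past its end. Consider a size check after each `shmget`, for example `struct shmid_ds ds;` followed by `if(shmctl(id_ctl, IPC_STAT, &ds) == -1 || ds.shm_segsz < sizeof(*shm_stat)) fatal_exit("shm segment too small");`, with the matching test for `id_arr`. Comparing `ds.shm_perm.uid` with the user the daemon is expected to run as would additionally confirm the segment's origin.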