From: W.C.A. Wijngaards
Date: Wed, 20 Nov 2019 10:13:45 +0000 (+0100)
Subject: - Fix Shared Memory World Writeable,
X-Git-Tag: release-1.9.6rc1~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c54fe828860cdd53b89f942d1e9cc9337e12cadd;p=thirdparty%2Funbound.git
- Fix Shared Memory World Writeable, reported by X41 D-Sec.
---
diff --git a/doc/Changelog b/doc/Changelog
index fb44011f0..031e75301 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 reported by X41 D-Sec.
 - Fix Race Condition in autr_tp_create(),
 reported by X41 D-Sec.
+ - Fix Shared Memory World Writeable,
+ reported by X41 D-Sec.
 19 November 2019: Wouter
 - Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c
index 374dd7fd8..46a71510f 100644
--- a/util/shm_side/shm_main.c
+++ b/util/shm_side/shm_main.c
@@ -121,7 +121,7 @@ int shm_main_init(struct daemon* daemon)
 shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL);
 /* SHM: Create the segment */
- daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666);
+ daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0644);
 if (daemon->shm_info->id_ctl < 0)
 {
@@ -134,7 +134,7 @@ int shm_main_init(struct daemon* daemon)
 return 0;
 }
- daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666);
+ daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0644);
 if (daemon->shm_info->id_arr < 0)
 {
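Review bot: The tighter mode in both `shmget()` calls (the `id_ctl` hunk at -121 and the `id_arr` hunk at -134) only takes effect when the call actually creates the segment; with `IPC_CREAT` alone, a segment that already exists under `key` or `key + 1` is returned with whatever owner and permission bits it already carries. The `shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL);` call visible in the context ignores its return value, so a removal that fails (for example on a segment owned by a different account) would go unnoticed before the `shmget()`. Consider `IPC_CREAT | IPC_EXCL | 0644` so a pre-existing segment becomes an error instead of being silently reused, or check `shm_perm.uid` and `shm_perm.mode` with `shmctl(id, IPC_STAT, &ds)` before attaching. 0644 also leaves the statistics readable by every local user; if only the account running the stats reader needs them, `0640` or `0600` would be tighter. `shm_main_init` starts and ends outside these hunks, so how the old ids are looked up before the `IPC_RMID` calls is not visible here.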