From c54fe828860cdd53b89f942d1e9cc9337e12cadd Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Wed, 20 Nov 2019 11:13:45 +0100
Subject: [PATCH] - Fix Shared Memory World Writeable,   reported by X41 D-Sec.

---
 doc/Changelog            | 2 ++
 util/shm_side/shm_main.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/Changelog b/doc/Changelog
index fb44011f0..031e75301 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 	  reported by X41 D-Sec.
 	- Fix Race Condition in autr_tp_create(),
 	  reported by X41 D-Sec.
+	- Fix Shared Memory World Writeable,
+	  reported by X41 D-Sec.
 
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c
index 374dd7fd8..46a71510f 100644
--- a/util/shm_side/shm_main.c
+++ b/util/shm_side/shm_main.c
@@ -121,7 +121,7 @@ int shm_main_init(struct daemon* daemon)
 		shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL);
 
 	/* SHM: Create the segment */
-	daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666);
+	daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0644);
 
 	if (daemon->shm_info->id_ctl < 0)
 	{
@@ -134,7 +134,7 @@ int shm_main_init(struct daemon* daemon)
 		return 0;
 	}
 
-	daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666);
+	daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0644);
 
 	if (daemon->shm_info->id_arr < 0)
 	{
-- 
2.47.3