On Thu, 10 Oct 2013, Matthieu Herrb wrote:
> On Wed, Oct 09, 2013 at 08:51:54PM +0100, Stuart Henderson wrote:
> > > > --------------------
> > > > - Change all shmget calls to user-only memory (security)
> > > >
> > > > So yes, the problem is due to qt4, which uses more strict permissions
> > > > for shmget.
> > >
> > > The aforementioned change was done to fix CVE-2013-0254.
> > >
> > > Here's the commit:
> > >
> > > https://qt.gitorious.org/qt/qt/commit/20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c?format=patch
> > >
> > > So what now? Revert a security fix?
> >
> > Debian ran into this with kfreebsd, they have applied this to xserver
> >
> > http://people.debian.org/~jcristau/kbsd-peercred.diff
>
> This is related, but not the same issue. On other systems the X server
> is still running as root and thus has full access to shared memory
> segments.
>
> Since a client can pass a shm id to the X server and ask it to render
> the image contained herein, this would allow any X client to read
> arbitrary shms on which they have normally no access:
> http://www.securityfocus.com/bid/4396
>
> So the X server has to re-implement access() to check if the uid/gid
> of the client asking the X server to access a given shmid have the
> required privilege or not. And thus in this case it's important to
> have a working getpeercred() or similar to do the check.
>
> So this won't help in our case.

So, from your pov, reverting:
https://qt.gitorious.org/qt/qt/commit/20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c?format=patch
and going back to the 4.8.2 situation, would it be a big security issue for us?

ciao,
David
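
The access()-style check described in the quoted message, written out as an added example; it is not part of this thread and is not the X server's or Qt's own code. It assumes the client's uid/gid have already been read from its socket (getpeercred() or similar), and the function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>

/* access()-style check on a SysV segment's ipc_perm for a client whose
 * uid/gid were taken from its socket (assumed already obtained). */
int shm_perm_check(const struct ipc_perm *perm, uid_t uid, gid_t gid, int readonly)
{
    mode_t mask;
    if (uid == 0)
        return 0;                       /* root can attach any segment */
    if (perm->uid == uid || perm->cuid == uid)
        mask = S_IRUSR | (readonly ? 0 : S_IWUSR);   /* owner or creator */
    else if (perm->gid == gid || perm->cgid == gid)
        mask = S_IRGRP | (readonly ? 0 : S_IWGRP);
    else
        mask = S_IROTH | (readonly ? 0 : S_IWOTH);
    return (perm->mode & mask) == mask ? 0 : -1;
}

/* Check a real segment id on behalf of a client. */
int client_may_use_shmid(int shmid, uid_t uid, gid_t gid, int readonly)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;                      /* no such segment, or no stat access */
    return shm_perm_check(&ds.shm_perm, uid, gid, readonly);
}

/* Constructed sample: a segment owned by owner_uid/owner_gid with `mode`. */
int sample_check(uid_t owner_uid, gid_t owner_gid, mode_t mode,
                 uid_t uid, gid_t gid, int readonly)
{
    struct ipc_perm p = {0};
    p.uid = p.cuid = owner_uid;
    p.gid = p.cgid = owner_gid;
    p.mode = mode;
    return shm_perm_check(&p, uid, gid, readonly);
}

int main(void)
{
    /* user-only segment (0600): owner passes, another user does not */
    printf("owner: %d\n", sample_check(1000, 1000, 0600, 1000, 1000, 0));
    printf("other: %d\n", sample_check(1000, 1000, 0600, 1001, 1001, 1));
    return 0;
}
```

With a user-only mode of 0600, only the segment's owner (or root) passes the check; a world-accessible mode such as 0666 lets any local client pass.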