Fwd: [oss-security] "I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON)
Matthieu Herrb
matthieu.herrb at laas.fr
Thu Nov 14 23:25:07 PST 2013
On Fri, Nov 15, 2013 at 02:16:19AM -0500, Mouse wrote:
> > My understanding is that the new code, by passing shared memory
> > through fd is a lot better since [...]
>
> In those respects, yes. But it's worse in that it requires write
> access to a filesystem - a filesystem which supports mmap - with space
> enough to hold the shared memory segments, which MIT-SHM doesn't.
>
> Tradeoffs, tradeoffs....
>
> > it doesn't rely on file system permissions to control access,
>
> Neither does MIT-SHM, I thought. I thought it relied on shared memory
> segment permissions (which in some respects look and work like
> filesystem permissions, but actually have nothing to do with any
> filesystem).
Yes, I meant filesystem-like permissions, where a non-root uid cannot
grant access to a resource to another uid.
--
Matthieu Herrb
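
The fd-passing approach discussed in this thread, as an added example (not code from the X server or from anyone in the thread): the segment is an unlinked file on a writable filesystem, handed to the peer over a UNIX socket with SCM_RIGHTS, so access follows possession of the descriptor rather than a key or path. The names `pass_fd` and `share_segment`, the `/tmp` template and the single-process socketpair are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
enum { SEG_SIZE = 4096 };

/* Move one descriptor across a UNIX socket as SCM_RIGHTS ancillary data.
 * sending != 0: send *fd; otherwise receive into *fd. Returns 0 on success. */
static int pass_fd(int sock, int *fd, int sending) {
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof *fd)] = { 0 };
    char byte = 0;
    struct iovec iov = { &byte, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof *fd);
        memcpy(CMSG_DATA(c), fd, sizeof *fd);
        return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &m, 0) != 1) return -1;
    c = CMSG_FIRSTHDR(&m);   /* NULL if the peer sent no ancillary data */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(fd, CMSG_DATA(c), sizeof *fd);
    return 0;
}

/* Returns the link count of the received segment (0 = no name left), or -1. */
int share_segment(const char *msg, char *out, size_t outlen) {
    char path[] = "/tmp/shmfd-XXXXXX";  /* constructed path; needs a writable fs */
    int sv[2], rfd = -1, fd = mkstemp(path);     /* file is created mode 0600 */
    if (!outlen || fd < 0 || unlink(path) || ftruncate(fd, SEG_SIZE)) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    char *a = mmap(NULL, SEG_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (a == MAP_FAILED || pass_fd(sv[0], &fd, 1) || pass_fd(sv[1], &rfd, 0)) return -1;
    char *b = mmap(NULL, SEG_SIZE, PROT_READ, MAP_SHARED, rfd, 0);
    if (b == MAP_FAILED) return -1;
    strncpy(a, msg, SEG_SIZE - 1);                        /* writer's mapping */
    strncpy(out, b, outlen - 1); out[outlen - 1] = '\0';  /* reader's mapping */
    struct stat st;
    int links = fstat(rfd, &st) ? -1 : (int)st.st_nlink;
    munmap(a, SEG_SIZE); munmap(b, SEG_SIZE);
    close(fd); close(rfd); close(sv[0]); close(sv[1]);
    return links;
}
```
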