Fwd: [oss-security] "I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON)

Matthieu Herrb matthieu.herrb at laas.fr
Thu Nov 14 23:25:07 PST 2013


On Fri, Nov 15, 2013 at 02:16:19AM -0500, Mouse wrote:
> > My understanding is that the new code, by passing shared memory
> > through fd is a lot better since [...]
> 
> In those respects, yes.  But it's worse in that it requires write
> access to a filesystem - a filesystem which supports mmap - with space
> enough to hold the shared memory segments, which MIT-SHM doesn't.
> 
> Tradeoffs, tradeoffs....
> 
> > it doesn't rely on file system permissions to control access,
> 
> Neither does MIT-SHM, I thought.  I thought it relied on shared memory
> segment permissions (which in some respects look and work like
> filesystem permissions, but actually have nothing to do with any
> filesystem).

Yes I meant filessystem-like permissions, where a non root uid  cannot
grant access to a resource to another uid. 

-- 
Matthieu Herrb


More information about the xorg-devel mailing list