Fwd: [oss-security] "I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON)
Dr. David Alan Gilbert
dave at treblig.org
Fri Nov 15 04:37:36 PST 2013
* Alan Coopersmith (alan.coopersmith at oracle.com) wrote:
> As we expand our use of shared memory via the new extensions, we should try
> to make sure we're not making more problems along the lines of those mentioned
> in the presentation linked below & associated whitepaper published at:
> http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/
>
> (It does seem most of the issues are in the clients creating shmem insecurely
> before passing it to the X libraries, but I've not had time to do much analysis
> beyond a quick readthrough of the slides & paper.)
The clients having to implement all the shm glue themselves can't have
helped; if that was all implemented in an X library call there wouldn't have been
anywhere near as many screwups.
Dave
--
-----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert | Running GNU/Linux | Happy \
\ gro.gilbert @ treblig.org | | In Hex /
\ _________________________|_____ http://www.treblig.org |_______/
More information about the xorg-devel
mailing list