oss-sec mailing list archives
Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm
From: "Yann E. MORIN" <yann.morin.1998 () free fr>
Date: Thu, 11 Apr 2024 20:31:42 +0200
Ben, All, On 2024-04-11 17:20 +0200, Ben Hutchings via buildroot spake thusly:
/dev/shm is a world-writable directory, like /tmp, and should also have the sticky bit set. Without this, any user can delete and replace another user's files in /dev/shm.
Indeed, good catch!
This bug has been present since /dev/shm was added to the skeleton /etc/fstab, but appears to have been fixed for systems using systemd by commit 76fc9275f14e "system: separate sysv and systemd parts of the skeleton" which went into Buildroot 2017.08. Signed-off-by: Ben Hutchings <ben.hutchings () mind be> Fixes: 22fde22e35f98f7830c2f8955465532328348cd1
Applied to master, thanks. Regards, Yann E. MORIN.
--- package/skeleton-init-sysv/skeleton/etc/fstab | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/skeleton-init-sysv/skeleton/etc/fstab b/package/skeleton-init-sysv/skeleton/etc/fstab index 169054b74f..06c20fe9d5 100644 --- a/package/skeleton-init-sysv/skeleton/etc/fstab +++ b/package/skeleton-init-sysv/skeleton/etc/fstab @@ -2,7 +2,7 @@ /dev/root / ext2 rw,noauto 0 1 proc /proc proc defaults 0 0 devpts /dev/pts devpts defaults,gid=5,mode=620,ptmxmode=0666 0 0 -tmpfs /dev/shm tmpfs mode=0777 0 0 +tmpfs /dev/shm tmpfs mode=1777 0 0 tmpfs /tmp tmpfs mode=1777 0 0 tmpfs /run tmpfs mode=0755,nosuid,nodev 0 0 sysfs /sys sysfs defaults 0 0 -- 2.39.2 _______________________________________________ buildroot mailing list buildroot () buildroot org https://lists.buildroot.org/mailman/listinfo/buildroot
-- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------'
Current thread:
- [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings (Apr 11)
- Buildroot: incorrect permissons on /dev/shm Ben Hutchings (Apr 11)
- Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings (May 06)
- Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm Yann E. MORIN (May 06)
- Re: Buildroot: incorrect permissons on /dev/shm Peter Korsgaard (May 07)
- Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings (May 06)
- Buildroot: incorrect permissons on /dev/shm Ben Hutchings (Apr 11)
- Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN (Apr 11)
- Re: [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Peter Korsgaard (May 06)