oss-sec mailing list archives
Re: Buildroot: incorrect permissons on /dev/shm
From: Ben Hutchings <ben.hutchings () mind be>
Date: Mon, 6 May 2024 12:24:55 +0200
On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:
Buildroot is a Linux distribution and system builder for embedded systems. Starting in Buildroot 2011.08, its default /etc/fstab included an entry for /dev/shm with incorrect permissons (sticky bit not set). (CWE-276) Buildroot 2017.08 removed this entry for systems using systemd, and it has never been included for systems using OpenRC. So this only affects Buildroot-built systems that use sysvinit, and some older systems that use systemd.
[...] This has been assigned CVE-2024-34455. Ben. -- Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be
Current thread:
- [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings (Apr 11)
- Buildroot: incorrect permissons on /dev/shm Ben Hutchings (Apr 11)
- Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings (May 06)
- Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm Yann E. MORIN (May 06)
- Re: Buildroot: incorrect permissons on /dev/shm Peter Korsgaard (May 07)
- Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings (May 06)
- Buildroot: incorrect permissons on /dev/shm Ben Hutchings (Apr 11)
- Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN (Apr 11)
- Re: [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Peter Korsgaard (May 06)