summary refs log tree commit diff
path: root/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch')
-rw-r--r--pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch66
1 files changed, 66 insertions, 0 deletions
diff --git a/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch b/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch
new file mode 100644
index 000000000000..48cc05f1800d
--- /dev/null
+++ b/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch
@@ -0,0 +1,66 @@
+From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
+From: Thiago Macieira <thiago.macieira@intel.com>
+Date: Sat, 22 Dec 2012 08:32:12 -0800
+Subject: [PATCH] Change all shmget calls to user-only memory
+
+Drop the read and write permissions for group and other users in the
+system.
+
+Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
+(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/corelib/kernel/qsharedmemory_unix.cpp          |    6 +++---
+ src/corelib/kernel/qsystemsemaphore_unix.cpp       |    4 ++--
+
+diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
+index 20d76e3..4cf3acf 100644
+--- a/src/corelib/kernel/qsharedmemory_unix.cpp
++++ b/src/corelib/kernel/qsharedmemory_unix.cpp
+@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
+     }
+ 
+     // create
+-    if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
++    if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
+         QString function = QLatin1String("QSharedMemory::create");
+         switch (errno) {
+         case EINVAL:
+@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
+ {
+ #ifndef QT_POSIX_IPC
+     // grab the shared memory segment id
+-    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
++    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
+     if (-1 == id) {
+         setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
+         return false;
+@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
+     size = 0;
+ 
+     // Get the number of current attachments
+-    int id = shmget(unix_key, 0, 0444);
++    int id = shmget(unix_key, 0, 0400);
+     cleanHandle();
+ 
+     struct shmid_ds shmid_ds;
+diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+index fad9acc..e77456b 100644
+--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
+     }
+ 
+     // Get semaphore
+-    semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
++    semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
+     if (-1 == semaphore) {
+         if (errno == EEXIST)
+-            semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
++            semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
+         if (-1 == semaphore) {
+             setErrorString(QLatin1String("QSystemSemaphore::handle"));
+             cleanHandle();
+-- 
+1.7.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-06 10:29:23 +0000