summary refs log tree commit diff
path: root/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch
blob: 48cc05f1800d4eb59400555115ebf6a70a7851da (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Sat, 22 Dec 2012 08:32:12 -0800
Subject: [PATCH] Change all shmget calls to user-only memory

Drop the read and write permissions for group and other users in the
system.

Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 src/corelib/kernel/qsharedmemory_unix.cpp          |    6 +++---
 src/corelib/kernel/qsystemsemaphore_unix.cpp       |    4 ++--

diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
index 20d76e3..4cf3acf 100644
--- a/src/corelib/kernel/qsharedmemory_unix.cpp
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp
@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
     }
 
     // create
-    if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
+    if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
         QString function = QLatin1String("QSharedMemory::create");
         switch (errno) {
         case EINVAL:
@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
 {
 #ifndef QT_POSIX_IPC
     // grab the shared memory segment id
-    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
+    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
     if (-1 == id) {
         setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
         return false;
@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
     size = 0;
 
     // Get the number of current attachments
-    int id = shmget(unix_key, 0, 0444);
+    int id = shmget(unix_key, 0, 0400);
     cleanHandle();
 
     struct shmid_ds shmid_ds;
diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
index fad9acc..e77456b 100644
--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
+++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
     }
 
     // Get semaphore
-    semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
+    semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
     if (-1 == semaphore) {
         if (errno == EEXIST)
-            semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
+            semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
         if (-1 == semaphore) {
             setErrorString(QLatin1String("QSystemSemaphore::handle"));
             cleanHandle();
-- 
1.7.1
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-06 07:07:44 +0000