oss-sec mailing list archives

Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm


From: "Yann E. MORIN" <yann.morin.1998 () free fr>
Date: Thu, 11 Apr 2024 20:31:42 +0200

Ben, All,

On 2024-04-11 17:20 +0200, Ben Hutchings via buildroot spake thusly:
/dev/shm is a world-writable directory, like /tmp, and should also
have the sticky bit set.  Without this, any user can delete and
replace another user's files in /dev/shm.

Indeed, good catch!

This bug has been present since /dev/shm was added to the skeleton
/etc/fstab, but appears to have been fixed for systems using systemd
by commit 76fc9275f14e "system: separate sysv and systemd parts of the
skeleton" which went into Buildroot 2017.08.

Signed-off-by: Ben Hutchings <ben.hutchings () mind be>
Fixes: 22fde22e35f98f7830c2f8955465532328348cd1

Applied to master, thanks.

Regards,
Yann E. MORIN.

---
 package/skeleton-init-sysv/skeleton/etc/fstab | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/skeleton-init-sysv/skeleton/etc/fstab b/package/skeleton-init-sysv/skeleton/etc/fstab
index 169054b74f..06c20fe9d5 100644
--- a/package/skeleton-init-sysv/skeleton/etc/fstab
+++ b/package/skeleton-init-sysv/skeleton/etc/fstab
@@ -2,7 +2,7 @@
 /dev/root    /               ext2    rw,noauto       0       1
 proc         /proc           proc    defaults        0       0
 devpts               /dev/pts        devpts  defaults,gid=5,mode=620,ptmxmode=0666   0       0
-tmpfs                /dev/shm        tmpfs   mode=0777       0       0
+tmpfs                /dev/shm        tmpfs   mode=1777       0       0
 tmpfs                /tmp            tmpfs   mode=1777       0       0
 tmpfs                /run            tmpfs   mode=0755,nosuid,nodev  0       0
 sysfs                /sys            sysfs   defaults        0       0
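Review bot: the new /dev/shm line sets only mode=1777, while the /run entry three lines below also carries nosuid,nodev; the sticky bit stops users from removing or replacing each other's files, but files placed in /dev/shm can still be executed as setuid binaries or used as device nodes. Consider adding nosuid,nodev to the /dev/shm line (and, for consistency, the /tmp line directly under it), e.g. `mode=1777,nosuid,nodev`, so the two world-writable tmpfs mounts are hardened the same way /run already is.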
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot () buildroot org
https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
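A check for the class of misconfiguration this patch fixes, written here as an added example that is not part of the patch or of the Buildroot tree: it parses an fstab (a constructed copy of the skeleton file above, still carrying the pre-fix /dev/shm line) and reports tmpfs mounts whose mode= grants write access to everyone but lacks the sticky bit.

```python
from typing import List, Optional, Tuple

# Constructed sample fstab mirroring the sysv skeleton discussed in the thread,
# with /dev/shm as it was before the fix (mode=0777, no sticky bit).
SAMPLE_FSTAB = """\
# <file system> <mount pt>      <type>  <options>       <dump>  <pass>
/dev/root    /               ext2    rw,noauto       0       1
proc         /proc           proc    defaults        0       0
devpts       /dev/pts        devpts  defaults,gid=5,mode=620,ptmxmode=0666   0       0
tmpfs        /dev/shm        tmpfs   mode=0777       0       0
tmpfs        /tmp            tmpfs   mode=1777       0       0
tmpfs        /run            tmpfs   mode=0755,nosuid,nodev  0       0
sysfs        /sys            sysfs   defaults        0       0
"""


def parse_fstab(text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Return (fs, mountpoint, fstype, options) for every non-comment entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; ignore rather than guess
        entries.append((fields[0], fields[1], fields[2], fields[3].split(",")))
    return entries


def mount_mode(options: List[str]) -> Optional[int]:
    """Octal value of the mode= option, or None when it is not given."""
    for opt in options:
        if opt.startswith("mode="):
            return int(opt[len("mode="):], 8)
    return None


def find_unsticky_world_writable(text: str) -> List[str]:
    """Mount points of tmpfs entries that are world-writable without the sticky bit."""
    offenders = []
    for _, mountpoint, fstype, options in parse_fstab(text):
        if fstype != "tmpfs":
            continue  # mode= means something else for devpts and friends
        mode = mount_mode(options)
        if mode is None:
            continue  # tmpfs without mode= defaults to 1777, which is fine
        if (mode & 0o002) and not (mode & 0o1000):
            offenders.append(mountpoint)
    return offenders
```

Running the check on the sample flags only /dev/shm; after the patch's change to mode=1777 the list is empty.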

