oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm

From: "Yann E. MORIN" <yann.morin.1998 () free fr>
Date: Mon, 6 May 2024 20:32:01 +0200
Ben, All,

On 2024-05-06 12:24 +0200, Ben Hutchings via buildroot spake thusly:

On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:

Buildroot is a Linux distribution and system builder for embedded
systems.  Starting in Buildroot 2011.08, its default /etc/fstab
included an entry for /dev/shm with incorrect permissons (sticky bit
not set). (CWE-276)

Buildroot 2017.08 removed this entry for systems using systemd, and it
has never been included for systems using OpenRC.  So this only
affects Buildroot-built systems that use sysvinit, and some older
systems that use systemd.

[...]

This has been assigned CVE-2024-34455.


Thanks for th efeedback. The fix has already been committed, with commit
0b2967e158 (package/skeleton-init-sysv: Set sticky bit on /dev/shm) that
I applied on 2024-04-11.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
Previous By Date Next
Previous By Thread Next

Current thread: