[cairo-bugs] [Bug 90512] New: Unsecure/unreliable shared memory

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=90512

            Bug ID: 90512
           Summary: Unsecure/unreliable shared memory
           Product: cairo
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: medium
         Component: general
          Assignee: chris at chris-wilson.co.uk
          Reporter: wbrana at gmail.com
        QA Contact: cairo-bugs at cairographics.org

Cairo is using shared memory using shmget with permissions 600 in following
files:
cairo-xlib-surface-shm.c
cairo-xcb-shm.c
cairo-xcb-connection.c
which
- is unsecure because other applications from same user can access that memory
using shmat and shmid from /proc/sysvipc/shm
- doesn't work if application is running as different non-root user from
Xserver

Cairo should use new functions with Xserver 1.15 and newer:

"In the 1.15 release of the X.org server[1] the MIT-SHM extension gains two
additional requests: 'X_ShmAttachFd' and 'X_ShmCreateSegment', to be able to
pass shared memory through file descriptors from client to server and from
server to client"

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20150518/b66a00b5/attachment.html>