* [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074
@ 2020-12-03 20:10 Fabrice Fontaine
2020-12-05 20:32 ` Thomas Petazzoni
2020-12-12 11:04 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-12-03 20:10 UTC (permalink / raw)
To: buildroot
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...ared-memory-segments-to-current-user.patch | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 package/x11vnc/0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
diff --git a/package/x11vnc/0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch b/package/x11vnc/0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
new file mode 100644
index 0000000000..e4dbdf1894
--- /dev/null
+++ b/package/x11vnc/0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
@@ -0,0 +1,25 @@
+From 69eeb9f7baa14ca03b16c9de821f9876def7a36a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Gu=C3=A9nal=20DAVALAN?= <guenal.davalan@uca.fr>
+Date: Wed, 18 Nov 2020 08:40:45 +0100
+Subject: [PATCH] scan: limit access to shared memory segments to current user
+
+[Retrieved from:
+https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/scan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/scan.c b/src/scan.c
+index 43e00d2..12994d5 100644
+--- a/src/scan.c
++++ b/src/scan.c
+@@ -320,7 +320,7 @@ static int shm_create(XShmSegmentInfo *shm, XImage **ximg_ptr, int w, int h,
+
+ #if HAVE_XSHM
+ shm->shmid = shmget(IPC_PRIVATE,
+- xim->bytes_per_line * xim->height, IPC_CREAT | 0777);
++ xim->bytes_per_line * xim->height, IPC_CREAT | 0600);
+
+ if (shm->shmid == -1) {
+ rfbErr("shmget(%s) failed.\n", name);
--
2.29.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074
2020-12-03 20:10 [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074 Fabrice Fontaine
@ 2020-12-05 20:32 ` Thomas Petazzoni
2020-12-12 11:04 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2020-12-05 20:32 UTC (permalink / raw)
To: buildroot
On Thu, 3 Dec 2020 21:10:13 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
> allows access by actors other than the current user.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...ared-memory-segments-to-current-user.patch | 25 +++++++++++++++++++
> 1 file changed, 25 insertions(+)
> create mode 100644 package/x11vnc/0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
You have forgotten to update X11VNC_IGNORE_CVES, so I did that when
applying. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074
2020-12-03 20:10 [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074 Fabrice Fontaine
2020-12-05 20:32 ` Thomas Petazzoni
@ 2020-12-12 11:04 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-12-12 11:04 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
> allows access by actors other than the current user.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, 2020.08.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-12 11:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-03 20:10 [Buildroot] [PATCH 1/1] package/x11vnc: fix CVE-2020-29074 Fabrice Fontaine
2020-12-05 20:32 ` Thomas Petazzoni
2020-12-12 11:04 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.