From 19896e7fb63db73c4a66b68a79d7cbd039198a1d Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Thu, 12 May 2022 19:58:50 +0200 Subject: [PATCH] util/shm: clear mode permission bits in allocate_shm_file_pair This ensures the file cannot be re-opened with write permissions. Closes: https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/3429 --- util/shm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/util/shm.c b/util/shm.c index e0d84e8e..6fddebbb 100644 --- a/util/shm.c +++ b/util/shm.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -73,6 +74,14 @@ bool allocate_shm_file_pair(size_t size, int *rw_fd_ptr, int *ro_fd_ptr) { shm_unlink(name); + // Make sure the file cannot be re-opened in read-write mode (e.g. via + // "/proc/self/fd/" on Linux) + if (fchmod(rw_fd, 0) != 0) { + close(rw_fd); + close(ro_fd); + return false; + } + int ret; do { ret = ftruncate(rw_fd, size);