Your message dated Sat, 3 May 2014 14:04:14 -0400
with message-id
<CANTw=MPa40H+AEUa7z8q8s4=me+zlsjhdvx9dkbyvjourbp...@mail.gmail.com>
and subject line Re: [Pkg-chromium-maint] Bug#709413: chromium:
org.chromium.Chromium.shmem.* permissions world-readable
has caused the Debian Bug report #709413,
regarding chromium: org.chromium.Chromium.shmem.* permissions world-readable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
709413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 26.0.1410.43-1
Severity: normal
Dear Maintainer,
Chromium creates POSIX shared memory segments with permissions that
allow any user on the system to read them.
I don't know whether there's anything sensitive in those segments;
sadly I don't know how to find out (I don't have the time to
investigate the source code at this time).
Here are some examples, from different users running Chromium on my
system:
$ l /dev/shm/org.chromium.Chromium.shmem.*
-rw-r--r-- 1 chrismail chrismail 260 2013-05-13 01:25 /dev/shm/org.chromium.Chromium.shmem.8F157083E4C5D118692ECEA3F8925C501A0C9558._service_shmem
-rw-r--r-- 1 chrisgithub chrisgithub 260 2013-05-20 04:03 /dev/shm/org.chromium.Chromium.shmem.88EB5F605BFD05F29C82F039DADD47B63D8BCA38._service_shmem
-rw-rw-r-- 1 chrissbx chrissbx 260 2013-05-21 03:55 /dev/shm/org.chromium.Chromium.shmem.A6EE7475E44E356681B9DAB490DFAC5558C57F47._service_shmem
(It might be creating the segments using something like
shm_open (somename, someflags, 0666)
which is modified by the umask in use, which might lead to the
differences in group permissions shown; although chrissbx usually has
umask 0022, which kinda contradicts this idea; not sure how comes.)
-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500,
'stable'), (500, 'oldstable')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages chromium depends on:
ii chromium-inspector 26.0.1410.43-1
ii gconf-service 3.2.5-1+build1
ii libasound2 1.0.25-4
ii libatk1.0-0 2.4.0-2
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-38
ii libcairo2 1.12.2-3
ii libcups2 1.5.3-5
ii libdbus-1-3 1.6.8-1
ii libevent-2.0-5 2.0.19-stable-3
ii libexpat1 2.1.0-1
ii libflac8 1.2.1-6
ii libfontconfig1 2.9.0-7.1
ii libfreetype6 2.4.9-1.1
ii libgcc1 1:4.7.2-5
ii libgconf-2-4 3.2.5-1+build1
ii libgcrypt11 1.5.0-5
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.4-5
ii libgnome-keyring0 3.4.1-1
ii libgtk2.0-0 2.24.10-2
ii libjpeg8 8d-1
ii libnspr4 2:4.9.2-1
ii libnss3 2:3.14.3-1
ii libnss3-1d 2:3.14.3-1
ii libpango1.0-0 1.30.0-1
ii libpulse0 2.0-6.1
ii libspeechd2 0.7.1-6.2
ii libspeex1 1.2~rc1-7
ii libstdc++6 4.7.2-5
ii libudev0 175-7.2
ii libx11-6 2:1.5.0-1
ii libxcomposite1 1:0.4.3-2
ii libxdamage1 1:1.1.3-2
ii libxext6 2:1.3.1-2
ii libxfixes3 1:5.0-4
ii libxml2 2.8.0+dfsg1-7+nmu1
ii libxrandr2 2:1.3.2-2
ii libxrender1 1:0.9.7-1
ii libxslt1.1 1.1.26-14.1
ii libxss1 1:1.2.2-1
ii xdg-utils 1.1.0~rc1+git20111210-6
chromium recommends no packages.
Versions of packages chromium suggests:
pn chromium-l10n <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
On Thu, May 23, 2013 at 2:27 AM, Christian Jaeger wrote:
> Chromium creates POSIX shared memory segments with permissions that
> allow any user on the system to read them.
Current versions don't seem to use /dev/shm like this anymore.
Best wishes,
Mike
--- End Message ---
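The report's guess about a 0666 creation mode being filtered by the umask can be reproduced, and the resulting exposure audited, with the following added example (not part of the original thread and not Chromium's code). It assumes regular files in a temporary directory as a stand-in for /dev/shm, since shm_open() clears the umask bits from the requested mode the same way open() does; the function names and segment names are constructed for illustration.

```python
import os
import stat
import tempfile

PREFIX = "org.chromium.Chromium.shmem."  # name pattern taken from the report

def create_with_mode(directory, name, mode, umask):
    """Create a file as shm_open(name, O_CREAT|O_EXCL|O_RDWR, mode) would under
    the given umask; return the permission bits it actually ends up with."""
    old = os.umask(umask)
    try:
        fd = os.open(os.path.join(directory, name),
                     os.O_CREAT | os.O_EXCL | os.O_RDWR, mode)
    finally:
        os.umask(old)  # always restore the caller's umask
    try:
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)

def audit(directory, prefix=PREFIX):
    """Return {name: mode} for matching entries that 'other' can read or write."""
    exposed = {}
    for entry in os.scandir(directory):
        if not entry.name.startswith(prefix):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & (stat.S_IROTH | stat.S_IWOTH):
            exposed[entry.name] = mode
    return exposed

def demo():
    # Constructed segment names; the temporary directory stands in for /dev/shm.
    with tempfile.TemporaryDirectory() as d:
        modes = {
            "0666/umask022": create_with_mode(d, PREFIX + "A", 0o666, 0o022),
            "0666/umask002": create_with_mode(d, PREFIX + "B", 0o666, 0o002),
            "0600/umask022": create_with_mode(d, PREFIX + "C", 0o600, 0o022),
        }
        return modes, sorted(audit(d))

if __name__ == "__main__":
    modes, exposed = demo()
    for label, mode in modes.items():
        print(label, oct(mode))
    print("readable by other:", exposed)
```

Requesting 0600 at creation keeps the segment private regardless of the umask; pointing `audit("/dev/shm")` at a real system lists any matching segments that other local users can open.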