CVSROOT: /cvs
Module name: xenocara
Changes by: j...@cvs.openbsd.org 2019/11/19 20:13:04
Modified files:
lib/mesa/src/gallium/winsys/sw/dri: dri_sw_winsys.c
lib/mesa/src/gallium/winsys/sw/xlib: xlib_sw_winsys.c
lib/mesa/src/mesa/drivers/x11: xm_buffer.c
Log message:
Call shmget() with permission 0600 instead of 0777
>From Brian Paul
02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa
"A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory. Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.
This path changes the shmget() calls to use 0600 (user r/w).
Tested with legacy Xlib driver and llvmpipe."
