CVS: cvs.openbsd.org: xenocara

Jonathan Gray Sat, 23 Nov 2019 16:36:23 -0800

CVSROOT:        /cvs
Module name:    xenocara
Changes by:     j...@cvs.openbsd.org    2019/11/23 17:35:40


Modified files:
        lib/mesa/src/gallium/winsys/sw/dri: Tag: OPENBSD_6_6 
                                            dri_sw_winsys.c 
        lib/mesa/src/gallium/winsys/sw/xlib: Tag: OPENBSD_6_6 
                                             xlib_sw_winsys.c 
        lib/mesa/src/mesa/drivers/x11: Tag: OPENBSD_6_6 xm_buffer.c 

Log message:
Call shmget() with permission 0600 instead of 0777

>From Brian Paul
02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa

"A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory.  Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.

This path changes the shmget() calls to use 0600 (user r/w).

Tested with legacy Xlib driver and llvmpipe."

OpenBSD 6.6 errata 008

CVS: cvs.openbsd.org: xenocara

Reply via email to