./security/smaSHeM, System V shared memory segment manipulator

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.4, Package name: smaSHeM-0.4, Maintainer: agc

System V shared memory segments created with shmget() are assigned an
owner, a group and a set of permissions intended to limit access to
the segment to designated processes only. The owner of a shared
memory segment can change the ownership and permissions on a segment
after its creation using shmctl(). Any subsequent processes that wish
to attach to the segment can only do so if they have the appropriate
permissions. Once attached, the process can read or write to the
segment, as per the permissions that were set when the segment was
created.

smaSHeM takes advantage of applications that set weak permissions on
such segments, allowing an attacker to dump or patch their contents.
As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
in the case of many X11 applications it is possible to extract pixmaps
of previously rendered GUI artifacts. When compiled with QtCore
linking enabled, smaSHeM aids in that process by brute forcing
potentially valid dimensions for the raw pixmap dump.


Master sites:

SHA1: 2eb22f2db02bd362a350d2d624ac431b1cfadc90
RMD160: e968da7aaba5dfdd4050804f88ae08bf840345ab
Filesize: 210.04 KB

Version history: (Expand)


CVS history: (Expand)


   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2013-12-06 22:26:05 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Don't use void * arithmetic. Fix some const issues.
   2013-11-15 06:11:51 by Alistair G. Crooks | Files touched by this commit (5) | Imported package
Log message:
Initial import of smaSHeM, version 0.4, into the packages collection.

	System V shared memory segments created with shmget() are assigned an
	owner, a group and a set of permissions intended to limit access to
	the segment to designated processes only.  The owner of a shared
	memory segment can change the ownership and permissions on a segment
	after its creation using shmctl().  Any subsequent processes that wish
	to attach to the segment can only do so if they have the appropriate
	permissions.  Once attached, the process can read or write to the
	segment, as per the permissions that were set when the segment was
	created.

	smaSHeM takes advantage of applications that set weak permissions on
	such segments, allowing an attacker to dump or patch their contents.
	As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
	in the case of many X11 applications it is possible to extract pixmaps
	of previously rendered GUI artifacts.  When compiled with QtCore
	linking enabled, smaSHeM aids in that process by brute forcing
	potentially valid dimensions for the raw pixmap dump.