Here's a patch from a Debian user regarding a possible security hole in 
GIMP's shared memory handling.


--- Begin Message ---
Package: gimp1.2
Version: 1.2.2-2.1
Severity: normal
Tags: security patch

Currently the shared memory region that gimp uses to communicate to
and from plugins is readable and writable by every user on the system.
This is not good.  I don't know what data or control information gimp
puts in this shared region, but someone could at least view or corrupt
your working image.  Anyway it isn't too hard to fix.

As far as I know plugins can only be run as the same user id as the
gimp.  Unless this isn't the case the following patch needs to be

Index: plug-in/plug-in.c
RCS file: /cvs/gnome/gimp/app/plug-in/plug-in.c,v
retrieving revision 1.180
diff -u -r1.180 plug-in.c
--- plug-in/plug-in.c   2002/05/21 10:58:30     1.180
+++ plug-in/plug-in.c   2002/06/12 02:16:58
@@ -192,7 +192,7 @@
 #ifdef HAVE_SHM_H
-  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0777);
+  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0600);
   if (shm_ID == -1)
     g_message ("shmget() failed: Disabling shared memory tile transport.");
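Review bot: on the changed shmget() line, mode 0600 only works if every plug-in that attaches to the segment runs under the same uid as the gimp process, which the report states only "as far as I know"; confirm that before applying, and add a short comment beside the mode saying the segment is deliberately owner-only so the bits are not loosened again later. The execute bits in the old 0777 had no meaning for a shared memory segment, so 0600 loses nothing for the owner. Since the key is IPC_PRIVATE a new segment is always created, so IPC_CREAT could be dropped from the flags while this line is being touched.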

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux SpacedOut 2.4.17 #9 Tue Apr 30 19:08:03 CDT 2002 i586

Versions of packages gimp1.2 depends on:
ii  aalib1                        1.4p5-9    ascii art library
ii  libc6                         2.2.5-6    GNU C Library: Shared libraries an
ii  libgimp1.2                    1.2.2-2.1  Libraries necessary to run the GIM
ii  libglib1.2                    1.2.10-3   The GLib library of C routines
ii  libgpmg1                      1.19.6-9   General Purpose Mouse Library [lib
ii  libgtk1.2                     1.2.10-9   The GIMP Toolkit set of widgets fo
ii  libgtkxmhtml1         The Gnome gtkxmhtml (HTML) widget
ii  libjpeg62                     6b-5       The Independent JPEG Group's JPEG 
ii  libmpeg1                      1.3.1-2.1  The MPEG library calls for movie s
ii  libpng2                       1.0.12-3   PNG library - runtime
ii  libtiff3g                     3.5.5-6    Tag Image File Format library
ii  slang1                        1.4.4-7.2  The S-Lang programming library - r
ii  xlibs                         4.1.0-13   X Window System client libraries
ii  zlib1g                        1:1.1.4-1  compression library - runtime

--- End Message ---
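A way to check a running system for the condition the report describes, as an added example that is not part of the original message or of GIMP: it parses `ipcs -m` output (util-linux column layout assumed) and flags segments whose permission bits grant access beyond the owner. The sample text, owner names and the severity labels are constructed for illustration.

```python
import re

# Constructed sample of `ipcs -m` output; not taken from the report.
SAMPLE_IPCS = """\
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 65536      alice      777        16384      2          dest
0x00000000 98305      alice      600        16384      2
0x0052e2c1 131074     postgres   640        56         5
0x00000000 163843     bob        666        4096       0
"""

# key, shmid, owner, perms (octal), bytes, nattch; trailing status is ignored.
ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\d+)\s+(\S+)\s+([0-7]{3,4})\s+(\d+)\s+(\d+)")

def describe(bits):
    """Translate one octal permission digit; SysV IPC ignores the execute bit."""
    return ("r" if bits & 4 else "") + ("w" if bits & 2 else "")

def audit_shm(ipcs_text):
    """Return one finding per segment that is accessible beyond its owner."""
    findings = []
    for line in ipcs_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column header or blank line
        _key, shmid, owner, perms, _size, nattch = m.groups()
        mode = int(perms, 8)
        group, other = describe((mode >> 3) & 7), describe(mode & 7)
        if not (group or other):
            continue  # owner-only, e.g. 0600 as in the patch
        findings.append({
            "shmid": int(shmid), "owner": owner, "mode": f"{mode & 0o777:04o}",
            "group": group, "other": other,
            # Hypothetical triage labels: world-writable is the worst case.
            "severity": "high" if "w" in other else "medium" if other else "low",
            "attached": int(nattch) > 0,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_shm(SAMPLE_IPCS):
        print(finding)
```

On a live host, pass the captured output of `ipcs -m` to `audit_shm` instead of the sample.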
