* Alan Coopersmith ([email protected]) wrote: > As we expand our use of shared memory via the new extensions, we should try > to make sure we're not making more problems along the lines of those mentioned > in the presentation linked below & associated whitepaper published at: > http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/ > > (It does seem most of the issues are in the clients creating shmem insecurely > before passing it to the X libraries, but I've not had time to do much > analysis > beyond a quick readthrough of the slides & paper.)
The clients having to implement all the shm glue themselves can't have helped; if that was all implemented in an X library call there wouldn't have been anywhere near as many screwups. Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ gro.gilbert @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
