Date: Thu, 11 Apr 2024 20:31:42 +0200
From: "Yann E. MORIN"
To: Ben Hutchings
Cc: buildroot@buildroot.org, oss-security@lists.openwall.com
In-Reply-To: <20240411152016.1185109-1-ben.hutchings@mind.be>
Subject: [oss-security] Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm

Ben, All,

On 2024-04-11 17:20 +0200, Ben Hutchings via buildroot spake thusly:
> /dev/shm is a world-writable directory, like /tmp, and should also
> have the sticky bit set. Without this, any user can delete and
> replace another user's files in /dev/shm.

Indeed, good catch!

> This bug has been present since /dev/shm was added to the skeleton
> /etc/fstab, but appears to have been fixed for systems using systemd
> by commit 76fc9275f14e "system: separate sysv and systemd parts of the
> skeleton" which went into Buildroot 2017.08.
>
> Signed-off-by: Ben Hutchings
> Fixes: 22fde22e35f98f7830c2f8955465532328348cd1

Applied to master, thanks.

Regards,
Yann E. MORIN.

> --- > package/skeleton-init-sysv/skeleton/etc/fstab | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/package/skeleton-init-sysv/skeleton/etc/fstab b/package/skeleton-init-sysv/skeleton/etc/fstab > index 169054b74f..06c20fe9d5 100644 > --- a/package/skeleton-init-sysv/skeleton/etc/fstab > +++ b/package/skeleton-init-sysv/skeleton/etc/fstab
> @@ -2,7 +2,7 @@ > /dev/root / ext2 rw,noauto 0 1 > proc /proc proc defaults 0 0 > devpts /dev/pts devpts defaults,gid=5,mode=620,ptmxmode=0666 0 0 > -tmpfs /dev/shm tmpfs mode=0777 0 0 > +tmpfs /dev/shm tmpfs mode=1777 0 0 > tmpfs /tmp tmpfs mode=1777 0 0 > tmpfs /run tmpfs mode=0755,nosuid,nodev 0 0 > sysfs /sys sysfs defaults 0 0 > -- > 2.39.2 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------'
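
Review bot: the corrected /dev/shm entry (`tmpfs /dev/shm tmpfs mode=1777 0 0`) is still mounted without nosuid,nodev, although the /run entry two lines further down in the same hunk already sets both. /dev/shm and /tmp are the two world-writable mounts visible in this hunk, so they are where those options would be expected first. Suggest `mode=1777,nosuid,nodev` for /dev/shm, and the same for the unchanged /tmp line, either here or as a follow-up if this fix should stay a one-line change.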
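
The rule stated in the commit message (a world-writable mount point must carry the sticky bit) can be checked mechanically against a target's fstab. The following is an added example, not part of the original mail or of Buildroot: the names `audit_fstab` and `sample_fstab` are hypothetical, and the sample fstab is constructed from the mount lines shown in the patch.

```shell
#!/bin/sh
# Added example (not Buildroot code): flag fstab entries whose mode= option
# is world-writable (other-write, 0002) but lacks the sticky bit (01000).

# audit_fstab FILE: print the mount point of every offending entry.
# Entries without a mode= option are skipped, not judged.
audit_fstab() {
    while read -r dev mnt _fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac      # blank line or comment
        mode=
        old_ifs=$IFS; IFS=,; set -f                    # split on commas, no globbing
        for o in $opts; do
            case "$o" in mode=*) mode=${o#mode=} ;; esac   # does not match ptmxmode=
        done
        set +f; IFS=$old_ifs
        case "$mode" in ''|*[!0-7]*) continue ;; esac  # accept octal digits only
        m=$((0$mode))                                  # leading 0: shell reads octal
        if [ $((m & 2)) -ne 0 ] && [ $((m & 512)) -eq 0 ]; then
            printf '%s\n' "$mnt"
        fi
    done < "$1"
}

# Constructed sample: mount lines as in the patch; $1 is the /dev/shm mode.
sample_fstab() {
    cat <<EOF
devpts /dev/pts devpts defaults,gid=5,mode=620,ptmxmode=0666 0 0
tmpfs /dev/shm tmpfs mode=$1 0 0
tmpfs /tmp tmpfs mode=1777 0 0
tmpfs /run tmpfs mode=0755,nosuid,nodev 0 0
EOF
}

f=$(mktemp)
sample_fstab 0777 > "$f"; echo "before patch: $(audit_fstab "$f")"
sample_fstab 1777 > "$f"; echo "after patch:  $(audit_fstab "$f")"
rm -f "$f"
```

Run against the fstab in a generated target root filesystem, any output line names a mount point that needs the same fix as /dev/shm.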