mirror of
https://github.com/Stichting-MINIX-Research-Foundation/pkgsrc-ng.git
synced 2025-09-21 18:48:05 -04:00
18 lines
1016 B
Plaintext
18 lines
1016 B
Plaintext
System V shared memory segments created with shmget() are assigned an
|
|
owner, a group and a set of permissions intended to limit access to
|
|
the segment to designated processes only. The owner of a shared
|
|
memory segment can change the ownership and permissions on a segment
|
|
after its creation using shmctl(). Any subsequent processes that wish
|
|
to attach to the segment can only do so if they have the appropriate
|
|
permissions. Once attached, the process can read or write to the
|
|
segment, as per the permissions that were set when the segment was
|
|
created.
|
|
|
|
smaSHeM takes advantage of applications that set weak permissions on
|
|
such segments, allowing an attacker to dump or patch their contents.
|
|
As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
|
|
in the case of many X11 applications it is possible to extract pixmaps
|
|
of previously rendered GUI artifacts. When compiled with QtCore
|
|
linking enabled, smaSHeM aids in that process by brute forcing
|
|
potentially valid dimensions for the raw pixmap dump.
|