Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: Buildroot: incorrect permissons on /dev/shm

Related Vulnerabilities: CVE-2024-34455  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Buildroot: incorrect permissons on /dev/shm

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Peter Korsgaard &lt;peter () korsgaard com&gt;

Date: Tue, 07 May 2024 11:10:14 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
"Yann" == Yann E MORIN &lt;yann.morin.1998 () free fr&gt; writes:

Ben, All,
On 2024-05-06 12:24 +0200, Ben Hutchings via buildroot spake thusly:
On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:
Buildroot is a Linux distribution and system builder for embedded
systems.  Starting in Buildroot 2011.08, its default /etc/fstab
included an entry for /dev/shm with incorrect permissons (sticky bit
not set). (CWE-276)

Buildroot 2017.08 removed this entry for systems using systemd, and it
has never been included for systems using OpenRC.  So this only
affects Buildroot-built systems that use sysvinit, and some older
systems that use systemd.
[...]

This has been assigned CVE-2024-34455.

Thanks for th efeedback. The fix has already been committed, with commit
0b2967e158 (package/skeleton-init-sysv: Set sticky bit on /dev/shm) that
I applied on 2024-04-11.

And it is included in the recently released 2024.02.2 rlease:

https://lore.kernel.org/buildroot/874jbaxb7g.fsf () dell be 48ers dk/T/#u

-- 
Bye, Peter Korsgaard

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

[PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings (Apr 11)

Buildroot: incorrect permissons on /dev/shm Ben Hutchings (Apr 11)

Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings (May 06)

Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm Yann E. MORIN (May 06)
Re: Buildroot: incorrect permissons on /dev/shm Peter Korsgaard (May 07)

Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN (Apr 11)

Re: [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Peter Korsgaard (May 06)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started