[MPlayer-dev-eng] [PATCH] Secure IPC perms

Wladmis dev at wladmis.org
Sat Apr 22 19:36:17 EEST 2023


From: "Vladimir D. Seleznev" <vseleznv at altlinux.org>

shmget(2) is not subject of umask(2), so it's better to use more proper
perms for it.
---
 MPlayer/gui/wm/ws.c     | 2 +-
 MPlayer/libvo/vo_x11.c  | 2 +-
 MPlayer/libvo/vo_xv.c   | 2 +-
 MPlayer/libvo/vo_xvmc.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/MPlayer/gui/wm/ws.c b/MPlayer/gui/wm/ws.c
index b211db5959..474154fc3c 100644
--- a/MPlayer/gui/wm/ws.c
+++ b/MPlayer/gui/wm/ws.c
@@ -1357,7 +1357,7 @@ void wsImageCreate(wsWindow *win, int w, int h)
             mplayer(MPLAYER_EXIT_GUI, EXIT_ERROR, 0);
         }
 
-        win->Shminfo.shmid = shmget(IPC_PRIVATE, win->xImage->bytes_per_line * win->xImage->height, IPC_CREAT | 0777);
+        win->Shminfo.shmid = shmget(IPC_PRIVATE, win->xImage->bytes_per_line * win->xImage->height, IPC_CREAT | 0600);
 
         if (win->Shminfo.shmid < 0) {
             XDestroyImage(win->xImage);
diff --git a/MPlayer/libvo/vo_x11.c b/MPlayer/libvo/vo_x11.c
index 58e1762de7..6b81980023 100644
--- a/MPlayer/libvo/vo_x11.c
+++ b/MPlayer/libvo/vo_x11.c
@@ -150,7 +150,7 @@ static void getMyXImage(void)
         }
         Shminfo[0].shmid = shmget(IPC_PRIVATE,
                                   myximage->bytes_per_line *
-                                  myximage->height, IPC_CREAT | 0777);
+                                  myximage->height, IPC_CREAT | 0600);
         if (Shminfo[0].shmid < 0)
         {
             XDestroyImage(myximage);
diff --git a/MPlayer/libvo/vo_xv.c b/MPlayer/libvo/vo_xv.c
index ebc1dbb23d..a3ec393e16 100644
--- a/MPlayer/libvo/vo_xv.c
+++ b/MPlayer/libvo/vo_xv.c
@@ -279,7 +279,7 @@ static void allocate_xvimage(int foo)
                                          &Shminfo[foo]);
 
         Shminfo[foo].shmid =
-            shmget(IPC_PRIVATE, xvimage[foo]->data_size, IPC_CREAT | 0777);
+            shmget(IPC_PRIVATE, xvimage[foo]->data_size, IPC_CREAT | 0600);
         Shminfo[foo].shmaddr = (char *) shmat(Shminfo[foo].shmid, 0, 0);
         Shminfo[foo].readOnly = False;
 
diff --git a/MPlayer/libvo/vo_xvmc.c b/MPlayer/libvo/vo_xvmc.c
index 48f3ede440..31104f4dd4 100644
--- a/MPlayer/libvo/vo_xvmc.c
+++ b/MPlayer/libvo/vo_xvmc.c
@@ -203,7 +203,7 @@ static int allocate_xvimage(int xvimage_width,int xvimage_height,int xv_format)
         if (!xvimage->data_size)
             goto shmgetfail;
 
-        Shminfo.shmid    = shmget(IPC_PRIVATE, xvimage->data_size, IPC_CREAT | 0777);
+        Shminfo.shmid    = shmget(IPC_PRIVATE, xvimage->data_size, IPC_CREAT | 0600);
         if (Shminfo.shmid == -1)
             goto shmgetfail;
         Shminfo.shmaddr  = (char *) shmat(Shminfo.shmid, 0, 0);
-- 
2.33.7



More information about the MPlayer-dev-eng mailing list