Bug 90512

Summary: Unsecure/unreliable shared memory
Product: cairo
Reporter: wbrana
Component: general
Assignee: Chris Wilson <chris>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: major
Priority: medium
Version: unspecified
Hardware: All
OS: All
Attachments: xcb_shm_attach_fd example

Description wbrana 2015-05-18 17:12:39 UTC
Cairo is using shared memory using shmget with permissions 600 in the following files:
cairo-xlib-surface-shm.c
cairo-xcb-shm.c
cairo-xcb-connection.c
which
- is unsecure because other applications from the same user can access that memory using shmat and the shmid from /proc/sysvipc/shm
- doesn't work if the application is running as a different non-root user from the Xserver

Cairo should use new functions with Xserver 1.15 and newer:

"In the 1.15 release of the X.org server[1] the MIT-SHM extension gains two additional requests: 'X_ShmAttachFd' and 'X_ShmCreateSegment', to be able to pass shared memory through file descriptors from client to server and from server to client"

Comment 1 Uli Schlachter 2015-05-18 19:00:15 UTC
I was curious how this FD handling was implemented inside of libX11 (how do the FDs get from this lib to libxcb?) and looked at the latest git for libXshm. Answer: These requests aren't available through libX11, only through libxcb. (No activity since 2011)

http://cgit.freedesktop.org/xorg/lib/libXext/log/src/XShm.c

Comment 2 Chris Wilson 2015-05-18 19:46:59 UTC
Also, since the Pixmap is shared via X, any other application can access the shared memory if permitted by XSELINUX (which is almost always run in permissive mode). So the real question is how to handle non-root X (and not just 1.15+).

Comment 3 wbrana 2015-05-18 20:16:01 UTC
For 1.15+ the client should create a temporary file with mkstemp which is mmap-ped, and the xserver will mmap the same file descriptor.
http://lists.x.org/archives/xorg-devel/2013-October/038497.html
I didn't test it, but it could work also with non-root X.
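
The client-side step Comment 3 describes, as an added example that is not part of the original report, its attachment or cairo's code: create the segment with mkstemp, unlink it, size it and map it, then confirm it has no remaining filesystem name and that a second mapping of the same fd sees the data. The function names and the /tmp template are assumptions, and the second mapping only stands in for the X server's; no X connection is made.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/stat.h>

/* Client side: an fd-backed segment with no SysV id and no filesystem name. */
int shm_fd_create(size_t size)
{
    char path[] = "/tmp/shm-example-XXXXXX"; /* assumed location */
    int fd = mkstemp(path);                  /* created with mode 0600 */
    if (fd < 0)
        return -1;
    unlink(path);                            /* drop the name immediately */
    if (ftruncate(fd, (off_t)size) < 0) {
        close(fd);
        return -1;
    }
    return fd;   /* this is what a client would pass to xcb_shm_attach_fd() */
}

/* Directory entries still naming the segment; 0 means it is unnamed. */
long shm_fd_link_count(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

/* Two mappings of one fd (the second stands in for the X server's) share data. */
int shm_fd_roundtrip(int fd, size_t size)
{
    char *client = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (client == MAP_FAILED)
        return 0;
    char *server = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
    int ok = 0;
    if (server != MAP_FAILED) {
        memcpy(client, "pixels", 7);
        ok = memcmp(server, "pixels", 7) == 0;
        munmap(server, size);
    }
    munmap(client, size);
    return ok;
}

int main(void)
{
    int fd = shm_fd_create(4096);
    return !(fd >= 0 && shm_fd_link_count(fd) == 0 && shm_fd_roundtrip(fd, 4096));
}
```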

Comment 4 wbrana 2015-05-23 13:49:43 UTC
Created attachment 115992
xcb_shm_attach_fd example

xcb_shm_attach_fd seems to work with non-root X

Comment 5 GitLab Migration User 2018-08-25 13:49:14 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/210.
