util/shm: clear mode permission bits in allocate_shm_file_pair

This ensures the file cannot be re-opened with write permissions. Closes: https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/3429
author: Simon Ser <contact@emersion.fr> 2022-05-12 19:58:50 +0200
committer: Simon Ser <contact@emersion.fr> 2022-05-12 19:58:50 +0200
commit: 19896e7fb63db73c4a66b68a79d7cbd039198a1d (patch)
tree: 0c10ae22d04c1633cf700af5fa569c2f0f59a7e9 /util
parent: e646d882cf4949d290fff2ba3b7ae4c124f6f13d (diff)
download: wlroots-19896e7fb63db73c4a66b68a79d7cbd039198a1d.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/util/shm.c b/util/shm.c
index e0d84e8e..6fddebbb 100644
--- a/util/shm.c
+++ b/util/shm.c
@@ -3,6 +3,7 @@
 #include <fcntl.h>
 #include <string.h>
 #include <sys/mman.h>
+#include <sys/stat.h>
 #include <time.h>
 #include <unistd.h>
 #include <wlr/config.h>
@@ -73,6 +74,14 @@ bool allocate_shm_file_pair(size_t size, int *rw_fd_ptr, int *ro_fd_ptr) {
 
 	shm_unlink(name);
 
+	// Make sure the file cannot be re-opened in read-write mode (e.g. via
+	// "/proc/self/fd/" on Linux)
+	if (fchmod(rw_fd, 0) != 0) {
+		close(rw_fd);
+		close(ro_fd);
+		return false;
+	}
+
 	int ret;
 	do {
 		ret = ftruncate(rw_fd, size);
author	Simon Ser <contact@emersion.fr>	2022-05-12 19:58:50 +0200
committer	Simon Ser <contact@emersion.fr>	2022-05-12 19:58:50 +0200
commit	19896e7fb63db73c4a66b68a79d7cbd039198a1d (patch)
tree	0c10ae22d04c1633cf700af5fa569c2f0f59a7e9 /util
parent	e646d882cf4949d290fff2ba3b7ae4c124f6f13d (diff)
download	wlroots-19896e7fb63db73c4a66b68a79d7cbd039198a1d.tar.xz