• Brian Paul's avatar
    Call shmget() with permission 0600 instead of 0777 · 02c3dad0
    Brian Paul authored
    A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
    creating shared memory regions with permission mode 0777 could allow
    any user to access that memory.  Several Mesa drivers use shared-
    memory XImages to implement back buffers for improved performance.
    This path changes the shmget() calls to use 0600 (user r/w).
    Tested with legacy Xlib driver and llvmpipe.
    Cc: mesa-stable@lists.freedesktop.org
    Reviewed-by: Kristian H. Kristensen's avatarKristian H. Kristensen <hoegsberg@google.com>