
Deny access to overly-permissive IPC objects

Open madaidan opened this issue 5 years ago • 1 comments

It's a common error to grant too much permission to these objects, with impact ranging from denial of service and information leaking to privilege escalation.

https://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/

This creates the kernel.harden_ipc sysctl that, when enabled, will deny access to overly-permissive IPC objects given the following criteria:

  1. If the IPC object is world-accessible and the euid doesn't match that of the creator or current uid for the IPC object
  2. If the IPC object is group-accessible and the egid doesn't match that of the creator or current gid for the IPC object

Processes with CAP_IPC_OWNER are still permitted to access these IPC objects.

This is based on GRKERNSEC_HARDEN_IPC.

madaidan, May 20 '20 23:05
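To gauge what enabling such a sysctl would affect on a host, the following added example (not code from the patch or from grsecurity) models the two criteria above and applies them to the rows of `/proc/sysvipc/shm` for the current user. The function names, the reading of "world-accessible" as any bit in 0007 and "group-accessible" as any bit in 0070, and the exemption of a caller whose euid matches are assumptions; CAP_IPC_OWNER is not modelled.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum verdict { NOT_DATA = -1, PASS = 0, DENY_WORLD = 1, DENY_GROUP = 2 };

/* Model (not the patch's code) of the two criteria in the issue text.
 * Assumptions: "world-accessible" = any bit in 0007, "group-accessible" =
 * any bit in 0070, and a caller whose euid matches is exempt from both.
 * CAP_IPC_OWNER holders bypass the check and are not modelled. */
enum verdict harden_ipc_verdict(unsigned mode, uid_t uid, uid_t cuid,
                                gid_t gid, gid_t cgid, uid_t euid, gid_t egid)
{
    if (euid == uid || euid == cuid)
        return PASS;
    if (mode & 0007)
        return DENY_WORLD;                      /* criterion 1 */
    if ((mode & 0070) && egid != gid && egid != cgid)
        return DENY_GROUP;                      /* criterion 2 */
    return PASS;                                /* normal permission check decides */
}

/* Classify one row of /proc/sysvipc/shm for the given caller identity.
 * Columns: key shmid perms size cpid lpid nattch uid gid cuid cgid ... */
enum verdict audit_shm_row(const char *row, uid_t euid, gid_t egid, int *shmid)
{
    unsigned mode, uid, gid, cuid, cgid;
    if (sscanf(row, "%*s %d %o %*s %*s %*s %*s %u %u %u %u",
               shmid, &mode, &uid, &gid, &cuid, &cgid) != 6)
        return NOT_DATA;                        /* header or malformed line */
    return harden_ipc_verdict(mode, uid, cuid, gid, cgid, euid, egid);
}

int main(void)
{
    char row[512];
    int shmid, hits = 0;
    FILE *f = fopen("/proc/sysvipc/shm", "r");
    if (!f) { perror("/proc/sysvipc/shm"); return 1; }
    while (fgets(row, sizeof row, f)) {
        enum verdict v = audit_shm_row(row, geteuid(), getegid(), &shmid);
        if (v > PASS) {
            printf("shmid %d: criterion %d would deny this caller\n", shmid, v);
            hits++;
        }
    }
    fclose(f);
    printf("%d segment(s) match the criteria for this caller\n", hits);
    return 0;
}
```

Running it as each service account that attaches to shared memory shows which segments rely on group or world bits and would need tighter ownership first.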

please rebase against master

anthraxx, Sep 05 '20 00:09