pkgsrc/security/smaSHeM/DESCR

System V shared memory segments created with shmget() are assigned an
owner, a group and a set of permissions intended to limit access to
the segment to designated processes only.  The owner of a shared
memory segment can change the ownership and permissions on a segment
after its creation using shmctl().  Any subsequent processes that wish
to attach to the segment can only do so if they have the appropriate
permissions.  Once attached, the process can read or write to the
segment, as per the permissions that were set when the segment was
created.

smaSHeM takes advantage of applications that set weak permissions on
such segments, allowing an attacker to dump or patch their contents.
As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
in the case of many X11 applications it is possible to extract pixmaps
of previously rendered GUI artifacts.  When compiled with QtCore
linking enabled, smaSHeM aids in that process by brute forcing
potentially valid dimensions for the raw pixmap dump.
Initial import of smaSHeM, version 0.4, into the packages collection. System V shared memory segments created with shmget() are assigned an owner, a group and a set of permissions intended to limit access to the segment to designated processes only. The owner of a shared memory segment can change the ownership and permissions on a segment after its creation using shmctl(). Any subsequent processes that wish to attach to the segment can only do so if they have the appropriate permissions. Once attached, the process can read or write to the segment, as per the permissions that were set when the segment was created. smaSHeM takes advantage of applications that set weak permissions on such segments, allowing an attacker to dump or patch their contents. As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD', in the case of many X11 applications it is possible to extract pixmaps of previously rendered GUI artifacts. When compiled with QtCore linking enabled, smaSHeM aids in that process by brute forcing potentially valid dimensions for the raw pixmap dump. 2013-11-15 06:11:50 +01:00			`System V shared memory segments created with shmget() are assigned an`
			`owner, a group and a set of permissions intended to limit access to`
			`the segment to designated processes only. The owner of a shared`
			`memory segment can change the ownership and permissions on a segment`
			`after its creation using shmctl(). Any subsequent processes that wish`
			`to attach to the segment can only do so if they have the appropriate`
			`permissions. Once attached, the process can read or write to the`
			`segment, as per the permissions that were set when the segment was`
			`created.`

			`smaSHeM takes advantage of applications that set weak permissions on`
			`such segments, allowing an attacker to dump or patch their contents.`
			`As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',`
			`in the case of many X11 applications it is possible to extract pixmaps`
			`of previously rendered GUI artifacts. When compiled with QtCore`
			`linking enabled, smaSHeM aids in that process by brute forcing`
			`potentially valid dimensions for the raw pixmap dump.`