[vlc-devel] [PATCH] vout: xcb: Prefer using MIT-SHM FD-passing when possible

Alexander Volkov a.volkov at rusbitech.ru
Mon Feb 12 11:21:57 CET 2018


09.02.2018 21:05, Rémi Denis-Courmont wrote:
> On Friday 9 February 2018, 13.36.59 EET Alexander Volkov wrote:
>> This makes the shared memory visible only to vlc
>> and the X server to which it is connected.
> There was indeed a security issue that other users could read your pictures.
> But it was already fixed over 8 years ago by allocating segments as 0600
> instead of 0666.
>
> The only outstanding problem, for now, is a short race condition whereby the
> segment can be leaked (until reboot) if VLC dies between shmget() and
> shmctl(RMID).
Sorry for the bad description of this patch.
The X server may restrict access to shm images by XSelinux, etc.,
but there may be cases when shared memory can still be accessed
by the application running as the same user.
On the other hand, with 0600 rights, System V shared memory can't be
used when the X server is running as another non-root user.
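
The allocation pattern discussed in this thread, as an added example that is not taken from the patch or from VLC's code: an owner-only (0600) System V segment is attached and then marked for removal, and the gap between shmget() and shmctl(IPC_RMID) is the leak window mentioned above. The names `seg_info`, `alloc_private_segment` and `segment_exists` are hypothetical, and the code assumes Linux, where a segment marked for removal can still be queried by id while it is attached.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>

/* What the kernel reports about the segment after allocation. */
struct seg_info {
    int id;               /* System V segment id */
    void *addr;           /* mapping in this process */
    unsigned mode;        /* permission bits from IPC_STAT */
    unsigned long nattch; /* current number of attachments */
};

/* Allocate an owner-only (0600) segment, attach it, then mark it for removal
 * so the kernel frees it on the last detach. Dying between shmget() and
 * shmctl(IPC_RMID) leaves the segment behind until reboot. */
int alloc_private_segment(size_t size, struct seg_info *out)
{
    struct shmid_ds ds;
    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | S_IRUSR | S_IWUSR);
    if (id == -1)
        return -1;
    void *addr = shmat(id, NULL, 0);        /* leak window is open here */
    int rm = shmctl(id, IPC_RMID, NULL);    /* leak window closes here */
    if (addr == (void *)-1)
        return -1;          /* if RMID succeeded, the segment is already gone */
    if (rm == -1 || shmctl(id, IPC_STAT, &ds) == -1) {
        shmdt(addr);
        return -1;
    }
    out->id = id;
    out->addr = addr;
    out->mode = ds.shm_perm.mode & 0777;    /* strip SHM_DEST and other flags */
    out->nattch = (unsigned long)ds.shm_nattch;
    return 0;
}

/* 1 while the kernel still knows the id, 0 once the segment is gone. */
int segment_exists(int id)
{
    struct shmid_ds ds;
    return shmctl(id, IPC_STAT, &ds) == 0;
}

int main(void)
{
    struct seg_info s;
    if (alloc_private_segment(4096, &s) != 0) { perror("shm"); return 1; }
    printf("mode %o, attached %lu\n", s.mode, s.nattch);
    shmdt(s.addr);
    printf("after detach: exists=%d\n", segment_exists(s.id));
    return 0;
}
```

Mode 0600 excludes other users only; as the reply notes, a process running as the same user can still attach the segment by id while it exists.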
