[Webkit-unassigned] [Bug 113432] New: shm_open is missing O_EXCL

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=113432

           Summary: shm_open is missing O_EXCL
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tedu at tedunangst.com
                CC: landry at openbsd.org


>From a visual inspection of http://trac.webkit.org/browser/releases/WebKitGTK/webkit-2.0/Source/WebKit2/Platform/unix/SharedMemoryUnix.cpp#L110

The call to shm_open lacks O_EXCL, meaning on a multiuser machine another user can create the shm object first. Iterating in a loop of random numbers is not sufficient to prevent this. They could in theory even create all possible names. And then webkit will be sharing memory with someone who is not the user running webkit.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.