[Buildroot] Buildroot: incorrect permissons on /dev/shm
Peter Korsgaard
peter at korsgaard.com
Tue May 7 09:10:14 UTC 2024
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> Ben, All,
> On 2024-05-06 12:24 +0200, Ben Hutchings via buildroot spake thusly:
>> On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:
>> > Buildroot is a Linux distribution and system builder for embedded
>> > systems. Starting in Buildroot 2011.08, its default /etc/fstab
>> > included an entry for /dev/shm with incorrect permissons (sticky bit
>> > not set). (CWE-276)
>> >
>> > Buildroot 2017.08 removed this entry for systems using systemd, and it
>> > has never been included for systems using OpenRC. So this only
>> > affects Buildroot-built systems that use sysvinit, and some older
>> > systems that use systemd.
>> [...]
>>
>> This has been assigned CVE-2024-34455.
> Thanks for th efeedback. The fix has already been committed, with commit
> 0b2967e158 (package/skeleton-init-sysv: Set sticky bit on /dev/shm) that
> I applied on 2024-04-11.
And it is included in the recently released 2024.02.2 rlease:
https://lore.kernel.org/buildroot/874jbaxb7g.fsf@dell.be.48ers.dk/T/#u
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list