After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 755532 - insecure shmget permissions
insecure shmget permissions
Product: cogl
Classification: Platform
Component: CoglTexture
Other Linux
: Normal normal
: ---
Assigned To: Cogl maintainer(s)
Cogl maintainer(s)
Depends on:
Reported: 2015-09-24 11:05 UTC by Florian Weimer
Modified: 2021-06-10 11:20 UTC
See Also:
GNOME target: ---
GNOME version: ---

Patch (807 bytes, patch)
2016-04-12 22:45 UTC, ricardo.smartmatic
none Details | Review

Description Florian Weimer 2015-09-24 11:05:46 UTC
IPC_PRIVATE is a misnomer, and this will create a SHM segment with 0777 permissions:

  tex_pixmap->shm_info.shmid = shmget (IPC_PRIVATE,
                                       * dummy_image->height,
                                       IPC_CREAT | 0777);

This should probably use 0600 permissions instead.  As far as I can see, it's a cosmetic issue because the SHM segment is only temporary and not used for anything important, but it should still be fixed.

Downstream bug:
Comment 1 ricardo.smartmatic 2016-04-11 23:17:52 UTC
This should be fixed and also shmctl() with IPC_RMID should be called immediately after the shmget() call to destroy the SHM object upon process termination.  Otherwise, if I logout and login again from Linux Mint with Cinnamon, another object with these characteristics would be created without the other being destroyed, leaking memory in the process.

You should add:
shmctl(shm_info.shmid, IPC_RMID, NULL);
Comment 2 ricardo.smartmatic 2016-04-12 22:45:11 UTC
Created attachment 325829 [details] [review]

Tested patch.  Now Linux Mint with Cinnamon doesn't leak memory if I logout and no insecure permissions are present.
Comment 3 André Klapper 2021-06-10 11:20:27 UTC
GNOME is going to shut down in favor of
As part of that, we are mass-closing older open tickets in
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version of cogl, then please follow
and create a ticket at

Thank you for your understanding and your help.