xenmon: Fix security vulnerability CVE-2007-3919.

The xenbaked daemon and xenmon utility communicate via a mmap'ed shared file. Since this file is located in /tmp, unprivileged users can cause arbitrary files to be truncated by creating a symlink from the well-known /tmp filename to e.g., /etc/passwd. The fix is to place the shared file in a directory to which only root should have access (in this case /var/run/). This bug was reported, and the fix suggested, by Steve Kemp <skx@debian.org>. Thanks! Signed-off-by: Keir Fraser <keir@xensource.com>
author: Keir Fraser <keir@xensource.com> 2007-10-23 09:26:43 +0100
committer: Keir Fraser <keir@xensource.com> 2007-10-23 09:26:43 +0100
commit: 86d019205b87aa53a739d2c8a25de56335949091 (patch)
tree: 917a489f5b650e3fdcacdb044f5aba236132dc6c /tools/xenmon/xenbaked.c
parent: 92c2f8054e9ef54fc218989c83c53591dc9dcbce (diff)
download: xen-86d019205b87aa53a739d2c8a25de56335949091.tar.gz
xen-86d019205b87aa53a739d2c8a25de56335949091.tar.bz2
xen-86d019205b87aa53a739d2c8a25de56335949091.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/xenmon/xenbaked.c b/tools/xenmon/xenbaked.c
index afca2f2168..5d5d0d4e43 100644
--- a/tools/xenmon/xenbaked.c
+++ b/tools/xenmon/xenbaked.c
@@ -589,7 +589,7 @@ error_t cmd_parser(int key, char *arg, struct argp_state *state)
     return 0;
 }
 
-#define SHARED_MEM_FILE "/tmp/xenq-shm"
+#define SHARED_MEM_FILE "/var/run/xenq-shm"
 void alloc_qos_data(int ncpu)
 {
     int i, n, pgsize, off=0;
author	Keir Fraser <keir@xensource.com>	2007-10-23 09:26:43 +0100
committer	Keir Fraser <keir@xensource.com>	2007-10-23 09:26:43 +0100
commit	86d019205b87aa53a739d2c8a25de56335949091 (patch)
tree	917a489f5b650e3fdcacdb044f5aba236132dc6c /tools/xenmon/xenbaked.c
parent	92c2f8054e9ef54fc218989c83c53591dc9dcbce (diff)
download	xen-86d019205b87aa53a739d2c8a25de56335949091.tar.gz xen-86d019205b87aa53a739d2c8a25de56335949091.tar.bz2 xen-86d019205b87aa53a739d2c8a25de56335949091.zip