I was wondering - are there any known techniques to control access to a shared memory object from anywhere but an authorized program?
For instance, lets say I create a shared memory segment for use in a program P, to be accessed by Q, and I make it Read-Write. I can access it using Q because I've given it (Q) the required permissions to do so (running as a particular user with groups, etc).
However, I'm guessing there are instances where someone could potentially access this shared memory from a program R - simply attaching to it and modifying it. To stop this, you could make the memory segment read only - but now program R could still read what was in the memory.
My question is in parts -
Is there a way to,
a) allow only Q to access the shared memory?
b) figure whether a read was done by someone apart from Q - and who did it? [Is this even possible?] For bonus points, could this be done cross-platform? [Probably not, but no harm trying :)]
Under what circumstances could a rogue program attach to the shared memory? I presume one way is if a user is able to exploit OS holes and become the user that started the program. Any others?
As with all System V IPC objects, access to shared memory areas is controlled via keys and access rights checking. Once the memory is being shared, there are no checks on how the processes are using it. They must rely on other mechanisms, for example System V semaphores, to synchronize access to the memory.
The ipcs -mS command can be used to view all shared memory segments that have been allocated on the entire system, and the svmon -P <PID> command can be used to view shared memory segments that are currently being used by a specific process.
In computer science, shared memory is memory that may be simultaneously accessed by multiple programs with an intent to provide communication among them or avoid redundant copies. Shared memory is an efficient means of passing data between programs.
POSIX shared memory has the same permissions system as files - if you run ipcs
you'll see the permissions of the shared memory segments on your system:
$ ipcs -m
IPC status from <running system> as of Tue Jul 14 23:21:25 BST 2009
T ID KEY MODE OWNER GROUP
Shared Memory:
m 65536 0x07021999 --rw-r--r-- root wheel
m 65537 0x60022006 --rw-r--r-- root wheel
In answer to question 1a), you can use the normal UNIX permissions system to only allow access from a certain user and/or group. This can be controlled using shmctl
:
struct ipc_perm perms;
perms.uid = 100;
perms.gid = 200;
perms.mode = 0660; // Allow read/write only by
// uid '100' or members of group '200'
shmctl(shmid, IPC_SET, &perms);
For 1b), I don't think any auditing interfaces exist for shared memory access.
With regards to your second question, any process running as the shm owner/group, or running as root will be able to access your memory - this is no different to accessing any other resource. Root can always access anything on a *ix system; and so any exploit which escalated a user to root would allow access to any shared memory region.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With