HPE Community
Operating System - HP-UX
1834204 Members
2388 Online
110066 Solutions
New Discussion

world-writeable shared mem segments normal?

 
SOLVED
Go to solution
Trever Furnish
Regular Advisor

‎08-15-2002 12:12 PM

‎08-15-2002 12:12 PM

world-writeable shared mem segments normal?

I know very little about how shared memory gets used in practice, but this struck me as potentially bad, so I thought I'd ask: is it normal / good to have apps running with memory segments that are "world-writeable"?

For example, if I do ipcs -ma, I see quite a few segments that have mode --rw-rw-rw-, which would be something to correct if it were a file, but which I'm not sure about as a memory segment.
Hockey PUX?
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

‎08-15-2002 12:21 PM

‎08-15-2002 12:21 PM

Solution

Re: world-writeable shared mem segments normal?

The answer is that there is no way to know; it depends upon the design of the software. Many times shared memory segments are created at startup as user root/sys so that in order for other users to access the shared memory they must me created with mode 666.

It you have doubts, you need to contact the software vendor.
If it ain't broke, I can fix that.
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-15-2002 01:13 PM

‎08-15-2002 01:13 PM

Re: world-writeable shared mem segments normal?

Hi Trever,

As mentioned by Clay, it is done through the application to create and set the access modes though shmget() call.

Are they appropriate permissions?. May be required for the application to work.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Trever Furnish
Regular Advisor

‎08-15-2002 01:19 PM

‎08-15-2002 01:19 PM

Re: world-writeable shared mem segments normal?

Thanks, guys. That's what I was afraid of.

BTW, I've tried to assign 10's to both of your responses twice now but the assignment doesn't seem to be taking effect. :-( Sorry.

Not that this is a question, but the one app that bugs me most here is omniback - I've gotten used to zero reasonable security settings under HPUX, but everything's pretty well locked down on my linux systems...everything except the omniback client, apparently, which uses these writeable memory segments.

I realize I can't be *certain* it doesn't have a valid reason for them, but I certainly have my doubts. :-/
Hockey PUX?
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎08-15-2002 01:43 PM

‎08-15-2002 01:43 PM

Re: world-writeable shared mem segments normal?

Normally shared memory segments are a much smaller security risk than files simply because they are much more difficult to attach. It requires C/C++ or at least Perl and a fair bit of knowledge to do anything. Shell scripts or awk are not going to be able to alter the contents; they could given the right permissions remove a shared memory segment but that would be true regardless of the permission mode of the shmid.


Shared memory is just what it sounds like; it is an area of memory than a group of (hopefully related) processes can access. For example, Oracle's Shared Global Area's (SGA's) consist of a number of shared memory segments.
If it ain't broke, I can fix that.
0 Kudos
Reply
Frank Slootweg
Honored Contributor

‎08-16-2002 01:04 AM

‎08-16-2002 01:04 AM

Re: world-writeable shared mem segments normal?

> except the omniback client, apparently,
> which uses these writeable memory segments.

You may want to ask about this in the OmniBack forum. I used to do OmniBack support and have never heard that OmniBack uses shared memory, but that does not mean it does not, just that I have never heard about it (i.e. also not about problems with it).

When posting, please specify the OmniBack release, the kind of client/agent, the platform on which that agent runs, etc..

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.