Buildroot is a Linux distribution and system builder for embedded systems. Starting in Buildroot 2011.08, its default /etc/fstab included an entry for /dev/shm with incorrect permissions (sticky bit not set). (CWE-276)
Buildroot 2017.08 removed this entry for systems using systemd, and it has never been included for systems using OpenRC. So this only affects Buildroot-built systems that use sysvinit, and some older systems that use systemd.

Ben.

On Thu, Apr 11, 2024 at 05:20:16PM +0200, Ben Hutchings wrote:
> /dev/shm is a world-writable directory, like /tmp, and should also
> have the sticky bit set. Without this, any user can delete and
> replace another user's files in /dev/shm.
>
> This bug has been present since /dev/shm was added to the skeleton
> /etc/fstab, but appears to have been fixed for systems using systemd
> by commit 76fc9275f14e "system: separate sysv and systemd parts of the
> skeleton" which went into Buildroot 2017.08.
>
> Signed-off-by: Ben Hutchings <ben.hutchi...@mind.be>
> Fixes: 22fde22e35f98f7830c2f8955465532328348cd1
> ---
> package/skeleton-init-sysv/skeleton/etc/fstab | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/skeleton-init-sysv/skeleton/etc/fstab
> b/package/skeleton-init-sysv/skeleton/etc/fstab
> index 169054b74f..06c20fe9d5 100644
> --- a/package/skeleton-init-sysv/skeleton/etc/fstab
> +++ b/package/skeleton-init-sysv/skeleton/etc/fstab
> @@ -2,7 +2,7 @@
> /dev/root / ext2 rw,noauto 0 1
> proc /proc proc defaults 0 0
> devpts /dev/pts devpts
> defaults,gid=5,mode=620,ptmxmode=0666 0 0
> -tmpfs /dev/shm tmpfs mode=0777 0 0
> +tmpfs /dev/shm tmpfs mode=1777 0 0
> tmpfs /tmp tmpfs mode=1777 0 0
> tmpfs /run tmpfs mode=0755,nosuid,nodev 0
> 0
> sysfs /sys sysfs defaults 0 0
> --
> 2.39.2
>

--
Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be
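Review bot: the `+tmpfs /dev/shm tmpfs mode=1777 0 0` line restores the sticky bit and brings /dev/shm in line with the `/tmp` entry two lines below, but both world-writable tmpfs mounts still lack the `nosuid,nodev` options the same skeleton already applies to `/run`; consider `mode=1777,nosuid,nodev` for /dev/shm here (and /tmp in a follow-up) so files a user drops there cannot be honoured as setuid binaries or device nodes. Separately, as quoted in this message the `devpts` and `/run` context lines are wrapped onto two lines each, which looks like mail-client whitespace damage; the patch should be taken from the original posting rather than this quote.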
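The pattern described in this thread (a world-writable tmpfs mount without the sticky bit) is easy to audit for, both in an fstab before an image is built and on a running system. The script below is an added example written for this page; it is not Buildroot code and not part of the patch above. It assumes a POSIX sh with awk, ls, cut and mktemp (BusyBox is enough), and the sample fstab it scans is constructed here to mirror the pre-patch skeleton entry quoted in the thread. The function names are the example's own.

```shell
#!/bin/sh
# Added example (not from Buildroot or the mailing-list patch): audit an fstab
# for tmpfs mounts that are world-writable but lack the sticky bit (CWE-276),
# and check a mounted directory for the sticky bit. Assumes POSIX sh + awk.

# Print "<mountpoint> <mode>" for every tmpfs entry in fstab file $1 whose
# mode= option is world-writable (other-write bit 0002) without the sticky
# bit (01000). A missing mode= option means the tmpfs default of 1777, which
# is reported as fine.
find_unsticky_world_writable() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }    # skip comments and short lines
        $3 != "tmpfs"       { next }    # only tmpfs entries are checked here
        {
            mode = "1777"               # kernel default when mode= is absent
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^mode=/)
                    mode = substr(opts[i], 6)
            while (length(mode) < 4)    # normalise "777" to "0777"
                mode = "0" mode
            mode = substr(mode, length(mode) - 3, 4)   # keep the last 4 digits
            sticky  = substr(mode, 1, 1) % 2           # special digit: bit 1
            world_w = int(substr(mode, 4, 1) / 2) % 2  # other digit: bit 2
            if (world_w && !sticky)
                print $2, mode
        }' "$1"
}

# Return 0 if directory $1 has the sticky bit (t or T in the other-execute
# column of ls -ld), 1 otherwise. Uses ls rather than stat for portability.
dir_has_sticky_bit() {
    case "$(ls -ld "$1" | cut -c10)" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample fstab mirroring the vulnerable (pre-patch) skeleton.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# <file system> <mount pt> <type> <options> <dump> <pass>
/dev/root / ext2 rw,noauto 0 1
proc /proc proc defaults 0 0
devpts /dev/pts devpts defaults,gid=5,mode=620,ptmxmode=0666 0 0
tmpfs /dev/shm tmpfs mode=0777 0 0
tmpfs /tmp tmpfs mode=1777 0 0
tmpfs /run tmpfs mode=0755,nosuid,nodev 0 0
sysfs /sys sysfs defaults 0 0
EOF

# Scan the sample: only /dev/shm is flagged (/tmp has 1777, /run is not o+w).
find_unsticky_world_writable "$SAMPLE_FSTAB"   # prints: /dev/shm 0777

# On a live system the same check against the mounted directory would be:
#   dir_has_sticky_bit /dev/shm || echo "/dev/shm is missing the sticky bit"
```

Running the fstab scan as part of the image build (for example over `output/target/etc/fstab`) catches the regression before it ships; the `dir_has_sticky_bit` check covers systems whose fstab is fine but where an init script or mount unit remounts the directory with a weaker mode.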