From 57756e72adf2081137b97f0e689dd16c770d10b1 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Sat, 22 Dec 2012 08:32:12 -0800
Subject: Change all shmget calls to user-only memory

Drop the read and write permissions for group and other users in the
system.

Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c)
---
 src/corelib/kernel/qsharedmemory_unix.cpp            | 6 +++---
 src/corelib/kernel/qsystemsemaphore_unix.cpp         | 4 ++--
 src/gui/image/qnativeimage.cpp                       | 2 +-
 src/gui/image/qpixmap_x11.cpp                        | 2 +-
 tests/auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp | 2 +-
 tools/qvfb/qvfbshmem.cpp                             | 4 ++--
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
index 004ff717ee..6b99d47688 100644
--- a/src/corelib/kernel/qsharedmemory_unix.cpp
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp
@@ -199,7 +199,7 @@ bool QSharedMemoryPrivate::create(int size)
     }
 
     // create
-    if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
+    if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
         QString function = QLatin1String("QSharedMemory::create");
         switch (errno) {
         case EINVAL:
@@ -220,7 +220,7 @@ bool QSharedMemoryPrivate::create(int size)
 bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
 {
     // grab the shared memory segment id
-    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
+    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
     if (-1 == id) {
         setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
         return false;
@@ -265,7 +265,7 @@ bool QSharedMemoryPrivate::detach()
     size = 0;
 
     // Get the number of current attachments
-    int id = shmget(unix_key, 0, 0444);
+    int id = shmget(unix_key, 0, 0400);
     cleanHandle();
 
     struct shmid_ds shmid_ds;
diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
index 579d60ad76..7324c969a1 100644
--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
+++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
@@ -143,10 +143,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
     }
 
     // Get semaphore
-    semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
+    semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
     if (-1 == semaphore) {
         if (errno == EEXIST)
-            semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
+            semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
         if (-1 == semaphore) {
             setErrorString(QLatin1String("QSystemSemaphore::handle"));
             cleanHandle();
diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp
index b78bc29b02..4b31f98c78 100644
--- a/src/gui/image/qnativeimage.cpp
+++ b/src/gui/image/qnativeimage.cpp
@@ -173,7 +173,7 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /*
 
     bool ok;
     xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * xshmimg->height,
-                            IPC_CREAT | 0777);
+                            IPC_CREAT | 0700);
     ok = xshminfo.shmid != -1;
     if (ok) {
         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp
index fd38ac48e6..80bf18c272 100644
--- a/src/gui/image/qpixmap_x11.cpp
+++ b/src/gui/image/qpixmap_x11.cpp
@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(const QPaintDevice* dev, int w, int h)
     bool ok;
     xshminfo.shmid = shmget(IPC_PRIVATE,
                              xshmimg->bytes_per_line * xshmimg->height,
-                             IPC_CREAT | 0777);
+                             IPC_CREAT | 0700);
     ok = xshminfo.shmid != -1;
     if (ok) {
         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
diff --git a/tests/auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp b/tests/auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp
index ae7694170a..c5cd952867 100644
--- a/tests/auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp
+++ b/tests/auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp
@@ -189,7 +189,7 @@ int tst_QSharedMemory::remove(const QString &key)
         return -3;
     }
 
-    int id = shmget(unix_key, 0, 0660);
+    int id = shmget(unix_key, 0, 0600);
     if (-1 == id) {
         qDebug() << "shmget failed";
         return -4;
diff --git a/tools/qvfb/qvfbshmem.cpp b/tools/qvfb/qvfbshmem.cpp
index bccc20be48..d8090cc006 100644
--- a/tools/qvfb/qvfbshmem.cpp
+++ b/tools/qvfb/qvfbshmem.cpp
@@ -174,13 +174,13 @@ QShMemViewProtocol::QShMemViewProtocol(int displayid, const QSize &s,
     uint data_offset_value = sizeof(QVFbHeader);
 
     int dataSize = bpl * h + data_offset_value;
-    shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
     if (shmId != -1)
 	data = (unsigned char *)shmat(shmId, 0, 0);
     else {
 	struct shmid_ds shm;
 	shmctl(shmId, IPC_RMID, &shm);
-	shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
 	if (shmId == -1) {
             perror("QShMemViewProtocol::QShMemViewProtocol");
             qFatal("Cannot get shared memory 0x%08x", key);
-- 
cgit v1.2.3