Diffstat (limited to 'security/smaSHeM/DESCR')
-rw-r--r-- security/smaSHeM/DESCR 17
1 files changed, 17 insertions, 0 deletions
diff --git a/security/smaSHeM/DESCR b/security/smaSHeM/DESCR
new file mode 100644
index 00000000000..7417baa89d3
--- /dev/null
+++ b/security/smaSHeM/DESCR
@@ -0,0 +1,17 @@
+System V shared memory segments created with shmget() are assigned an
+owner, a group and a set of permissions intended to limit access to
+the segment to designated processes only. The owner of a shared
+memory segment can change the ownership and permissions on a segment
+after its creation using shmctl(). Any subsequent processes that wish
+to attach to the segment can only do so if they have the appropriate
+permissions. Once attached, the process can read or write to the
+segment, as per the permissions that were set when the segment was
+created.
+
+smaSHeM takes advantage of applications that set weak permissions on
+such segments, allowing an attacker to dump or patch their contents.
+As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
+in the case of many X11 applications it is possible to extract pixmaps
+of previously rendered GUI artifacts. When compiled with QtCore
+linking enabled, smaSHeM aids in that process by brute forcing
+potentially valid dimensions for the raw pixmap dump.
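Review bot: The last sentence of the first paragraph says an attached process reads or writes "as per the permissions that were set when the segment was created", which contradicts the earlier sentence stating that the owner can change ownership and permissions after creation with shmctl(). Suggest wording it as "as per the segment's current permissions". In the second paragraph, "When compiled with QtCore linking enabled" leaves open whether this package is built that way; the description should say whether the pixmap dimension brute forcing is available in the packaged binary or depends on a build option.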