trampgeek / jobe

jobe is a server that runs small programming jobs in a variety of programming languages
MIT License

Changed shared memory permissions to 600 #48

Closed myyxl closed 3 years ago

myyxl commented 3 years ago

Hi Richard! I have changed the shared memory permissions to 600 to prevent student submissions tampering with the shared memory. The default permissions are 666 which allowed everyone to write into the shm. This could potentially be exploited into a Denial-of-Service by overwriting the 'busy' boolean of the users.

Sincerely, Marlon
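The 666 versus 600 difference described above, shown as an added example that is not code from this pull request or from Jobe. It assumes the shared memory is a System V segment (the thread only says "shm"); `shm_mode`, `shm_tighten` and `demo` are hypothetical helper names. It also covers a case the change itself does not: the mode passed at creation is ignored when the segment already exists, so a segment created earlier with 666 keeps that mode until it is removed or changed with `IPC_SET`.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Bits that let group or other users write to the segment (the 666 case). */
#define SHARED_WRITE 0022

/* Return the permission bits of segment `id`, or -1 on error. */
int shm_mode(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) == -1) return -1;
    return ds.shm_perm.mode & 0777;
}

/* Restrict an existing segment to its owner (600); return new mode or -1. */
int shm_tighten(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) == -1) return -1;
    ds.shm_perm.mode = 0600;   /* IPC_SET uses only the low 9 bits */
    if (shmctl(id, IPC_SET, &ds) == -1) return -1;
    return shm_mode(id);
}

/* Create a throwaway private segment with `perms`, optionally tighten it,
   remove it again, and return the mode that was in effect. */
int demo(int perms, int tighten) {
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | perms);
    if (id == -1) return -1;
    int mode = tighten ? shm_tighten(id) : shm_mode(id);
    shmctl(id, IPC_RMID, NULL);
    return mode;
}

int main(void) {
    int modes[3] = { demo(0666, 0), demo(0666, 1), demo(0600, 0) };
    const char *what[3] = { "created 666", "666 then IPC_SET", "created 600" };
    for (int i = 0; i < 3; i++) {
        if (modes[i] == -1) { perror("shm"); return 1; }
        printf("%-17s mode %03o  writable by other users: %s\n", what[i],
               (unsigned)modes[i], (modes[i] & SHARED_WRITE) ? "yes" : "no");
    }
    return 0;
}
```

On a live host, `ipcs -m` lists each segment's owner and permission bits, which is a quick way to confirm that no segment from before the change is still at 666.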

trampgeek commented 3 years ago

Thanks for another useful contribution, Marlon. It's great to have people tightening the security on Jobe.