forked from enlightenment/efl
ecore-evas-extn : map shm for sharing render pixels conservatively
@fix before we mapped these segmentsa read+write for the user or read+write for EVERYONE if system. this now creates the file as r+w for the user and +ro for everyone only IF system, and clients voluntarily map read-only to avoid possible memory corrupting of pixels from the client side. not more secure for clients, but nicer. defintiely more secure for system services.
This commit is contained in:
parent
049b397a86
commit
e90d60f8f5
|
@ -17,7 +17,8 @@ _extnbuf_new(const char *base, int id, Eina_Bool sys, int num,
|
||||||
{
|
{
|
||||||
Extnbuf *b;
|
Extnbuf *b;
|
||||||
char file[PATH_MAX];
|
char file[PATH_MAX];
|
||||||
mode_t mode = S_IRUSR | S_IWUSR;
|
mode_t mode = S_IRUSR;
|
||||||
|
int prot = PROT_READ;
|
||||||
int page_size;
|
int page_size;
|
||||||
Eina_Tmpstr *tmp = NULL;
|
Eina_Tmpstr *tmp = NULL;
|
||||||
|
|
||||||
|
@ -36,9 +37,16 @@ _extnbuf_new(const char *base, int id, Eina_Bool sys, int num,
|
||||||
snprintf(file, sizeof(file), "/%s-%i.%i", base, id, num);
|
snprintf(file, sizeof(file), "/%s-%i.%i", base, id, num);
|
||||||
b->file = eina_stringshare_add(file);
|
b->file = eina_stringshare_add(file);
|
||||||
if (!b->file) goto err;
|
if (!b->file) goto err;
|
||||||
|
|
||||||
if (sys) mode |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
|
|
||||||
|
if (sys) mode |= S_IRGRP | S_IROTH;
|
||||||
|
|
||||||
|
if (owner)
|
||||||
|
{
|
||||||
|
mode |= S_IWUSR;
|
||||||
|
prot |= PROT_WRITE;
|
||||||
|
}
|
||||||
|
|
||||||
if (b->am_owner)
|
if (b->am_owner)
|
||||||
{
|
{
|
||||||
b->lockfd = eina_file_mkstemp("ee-lock-XXXXXX", &tmp);
|
b->lockfd = eina_file_mkstemp("ee-lock-XXXXXX", &tmp);
|
||||||
|
@ -51,11 +59,10 @@ _extnbuf_new(const char *base, int id, Eina_Bool sys, int num,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
b->fd = shm_open(b->file, O_RDWR, mode);
|
b->fd = shm_open(b->file, O_RDONLY, mode);
|
||||||
if (b->fd < 0) goto err;
|
if (b->fd < 0) goto err;
|
||||||
}
|
}
|
||||||
b->addr = mmap(NULL, b->size, PROT_READ | PROT_WRITE, MAP_SHARED,
|
b->addr = mmap(NULL, b->size, prot, MAP_SHARED, b->fd, 0);
|
||||||
b->fd, 0);
|
|
||||||
if (b->addr == MAP_FAILED) goto err;
|
if (b->addr == MAP_FAILED) goto err;
|
||||||
return b;
|
return b;
|
||||||
err:
|
err:
|
||||||
|
|
Loading…
Reference in New Issue