Topic: Issues with 0666-mode shared memory
mysecureshell (version 1.31) is using shared memory. At creation time, mode 0666 is applied so that any unprivileged user can write to it.
For instance, I could mark all empty slots occupied to reduce overall availability of the service, eventually down to zero.
To demonstrate the issue, I have written a small command line tool. It's free software and can be found at GitHub by now. Use it like this:
# make
cc -std=c99 -Wall -Wextra -pedantic local-dos.c -o local-dos
# ./local-dos
USAGE:
./local-dos (block|unblock|show)
# watch -n 1 -d ./local-dos block
[..]
Besides the local DoS, it might be possible to attack the call to chdir, since that is reading from shared memory, too.