Description
CAN-2004-0176:
Michael Kerrisk noticed an insufficient permission checking in the
shmctl() function. Any process was permitted to lock/unlock any
System V shared memory segment that fell within the the
RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that
unprivileged users can acquire). This allowed am unprivileged user
process to unlock locked memory of other processes, thereby allowing
them to be swapped out. Usually locked shared memory is used to
store passphrases and other sensitive content which must not be
written to the swap space (where it could be read out even after a
reboot).