RE: [PATCH] aacraid: Resend, Fix security hole
From: Salyzyn, Mark
Date: Mon Jul 23 2007 - 09:48:38 EST
ACK.
Unit tested with Adaptec RAID management applications with apparently no
issue. Will push this into matrix testing in the coming week.
Sincerely -- Mark Salyzyn
> -----Original Message-----
> From: linux-kernel-owner@xxxxxxxxxxxxxxx
> [mailto:linux-kernel-owner@xxxxxxxxxxxxxxx] On Behalf Of Alan Cox
> Sent: Monday, July 23, 2007 9:51 AM
> To: torvalds@xxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> linux-scsi@xxxxxxxxxxxxxxx
> Subject: [PATCH] aacraid: Resend, Fix security hole
>
> On the SCSI layer ioctl path there is no implicit permissions
> check for
> ioctls (and indeed other drivers implement unprivileged
> ioctls). aacraid
> however allows all sorts of very admin only things to be done
> so should
> check.
>
> Signed-off-by: Alan Cox <alan@xxxxxxxxxx>
>
> diff -u --new-file --recursive --exclude-from
> /usr/src/exclude
> linux.vanilla-2.6.23rc1/drivers/scsi/aacraid/linit.c
> linux-2.6.23rc1/drivers/scsi/aacraid/linit.c
> --- linux.vanilla-2.6.23rc1/drivers/scsi/aacraid/linit.c
> 2007-07-23 12:56:12.000000000 +0100
> +++ linux-2.6.23rc1/drivers/scsi/aacraid/linit.c
> 2007-07-23 12:57:45.000000000 +0100
> @@ -636,6 +636,8 @@
> static int aac_cfg_ioctl(struct inode *inode, struct file *file,
> unsigned int cmd, unsigned long arg)
> {
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> return aac_do_ioctl(file->private_data, cmd, (void
> __user *)arg);
> }
>
> @@ -689,6 +691,8 @@
>
> static long aac_compat_cfg_ioctl(struct file *file, unsigned
> cmd, unsigned long arg)
> {
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> return aac_compat_do_ioctl((struct aac_dev
> *)file->private_data, cmd, arg);
> }
> #endif
> -
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/