[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080205103327.GB1792@ldl.fc.hp.com>
Date: Tue, 5 Feb 2008 03:33:28 -0700
From: dann frazier <dannf@...com>
To: Willy TARREAU <w@....eu>
Cc: linux-kernel@...r.kernel.org, Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: [PATCH] 2.4: [SCSI] aacraid: Fix security hole
This is a 2.4 backport of a linux-2.6 change by Alan Cox.
(commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f)
It has been build-tested only (I don't have the hardware).
CVE-2007-4308 was assigned for this issue.
Commit log from 2.6 follows.
On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.
---
drivers/scsi/aacraid/linit.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
Signed-off-by: dann frazier <dannf@...com>
diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
index 57d0a40..c6d7bdf 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -683,6 +683,8 @@ static int aac_cfg_release(struct inode * inode, struct file * file )
static int aac_cfg_ioctl(struct inode * inode, struct file * file, unsigned int cmd, unsigned long arg )
{
struct aac_dev *dev = aac_devices[MINOR(inode->i_rdev)];
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
return aac_do_ioctl(dev, cmd, (void *)arg);
}
--
1.5.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists