| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Jul 2008 10:04:47 -0700
From: Jesse Barnes <jbarnes@...tuousgeek.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
lkml <linux-kernel@...r.kernel.org>
Subject: [git pull] PCI fixes for 2.6.26
I'll stop making predictions about whether this is the last pull request for
2.6.26 or not, but it is an important one. It turns out that we've had a
trivial DoS on machines containing PCI devices with bad VPDs. We're
entertaining a few options for a scalable, long term fix, but in the
meantime, restricting access to the sysfs VPD file seems prudent. I've
included the patch in lieu of a diffstat since it's so small.
Thanks,
Jesse
Ben Hutchings (1):
PCI: Restrict VPD read permission to root
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 6f3c744..1f855f0 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -738,7 +738,7 @@ int __must_check pci_create_sysfs_dev_files (struct
pci_dev
pdev->vpd->attr = attr;
attr->size = pdev->vpd->ops->get_size(pdev);
attr->attr.name = "vpd";
- attr->attr.mode = S_IRUGO | S_IWUSR;
+ attr->attr.mode = S_IRUSR | S_IWUSR;
attr->read = pci_read_vpd;
attr->write = pci_write_vpd;
retval = sysfs_create_bin_file(&pdev->dev.kobj, attr);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists