| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7a7d18d3-8c8d-af05-9aa0-fa54fa0dc0b7@cogentembedded.com>
Date: Sat, 25 Jan 2020 11:48:51 +0300
From: Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To: Michael Ellerman <mpe@...erman.id.au>, netdev@...r.kernel.org
Cc: davem@...emloft.net, linux-kernel@...r.kernel.org,
security@...nel.org, ivansprundel@...ctive.com, vishal@...lsio.com
Subject: Re: [PATCH] net: cxgb3_main: Add CAP_NET_ADMIN check to
CHELSIO_GET_MEM
Hello!
On 24.01.2020 12:41, Michael Ellerman wrote:
> The cxgb3 driver for "Chelsio T3-based gigabit and 10Gb Ethernet
> adapters" implements a custom ioctl as SIOCCHIOCTL/SIOCDEVPRIVATE in
> cxgb_extension_ioctl().
>
> One of the subcommands of the ioctl is CHELSIO_GET_MEM, which appears
> to read memory directly out of the adapter and return it to userspace.
> It's not entirely clear what the contents of the adapter memory
> contains, but the assumption is that it shouldn't be accessible to all
s/contains/is/? Else it sounds tautological. :-)
> users.
>
> So add a CAP_NET_ADMIN check to the CHELSIO_GET_MEM case. Put it after
> the is_offload() check, which matches two of the other subcommands in
> the same function which also check for is_offload() and CAP_NET_ADMIN.
>
> Found by Ilja by code inspection, not tested as I don't have the
> required hardware.
>
> Reported-by: Ilja Van Sprundel <ivansprundel@...ctive.com>
> Signed-off-by: Michael Ellerman <mpe@...erman.id.au>
[...]
MBR, Sergei
Powered by blists - more mailing lists