Home » Mailing list archives » linux-kernel » 2007 » August » 7

[2.6.22.2 review 24/84] aacraid: fix security hole

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Greg KH
Subject: [2.6.22.2 review 24/84] aacraid: fix security hole
Date: Tuesday, August 7, 2007 - 1:44 pm

From: Alan Cox <alan@lxorguk.ukuu.org.uk>

On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.

Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/scsi/aacraid/linit.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *in
 static int aac_cfg_ioctl(struct inode *inode,  struct file *file,
 		unsigned int cmd, unsigned long arg)
 {
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
 }
 
@@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_
 
 static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
 {
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
 }
 #endif

-- 
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[2.6.22.2 review 00/84] 2.6.22.2 -stable review, Greg KH, (Tue Aug 7, 1:41 pm)
[2.6.22.2 review 01/84] USB: cdc-acm: fix sysfs attribute ..., Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 02/84] TCP FRTO retransmit bug fix, Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 03/84] Fix TC deadlock., Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 04/84] Fix IPCOMP crashes., Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 05/84] Fix deadlocks in sparc serial console., Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 06/84] Add a PCI ID for santa rosas PATA ..., Greg KH, (Tue Aug 7, 1:42 pm)
[2.6.22.2 review 07/84] Missing header include in ipt_ipra ..., Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 08/84] SCTP scope_id handling fix, Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 09/84] Fix rfkill IRQ flags., Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 10/84] gen estimator timer unload race, Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 11/84] gen estimator deadlock fix, Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 12/84] Fix error queue socket lookup in ipv6, Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 13/84] Fix ipv6 link down handling., Greg KH, (Tue Aug 7, 1:43 pm)
[2.6.22.2 review 14/84] Netpoll leak, Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 15/84] Sparc64 bootup assembler bug, Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 16/84] Fix ipv6 tunnel endianness bug., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 17/84] Fix sparc32 memset(), Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 18/84] Fix sparc32 udelay() rounding errors., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 19/84] Fix TCP IPV6 MD5 bug., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 20/84] KVM: SVM: Reliably detect if SVM w ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 21/84] USB: fix warning caused by autosus ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 22/84] usb-serial: Fix edgeport regressio ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 23/84] Fix reported task file values in s ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 24/84] aacraid: fix security hole, Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 25/84] firewire: fw-sbp2: set correct max ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 26/84] make timerfd return a u64 and fix ..., Greg KH, (Tue Aug 7, 1:44 pm)
[2.6.22.2 review 27/84] V4L: Add check for valid control I ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 28/84] V4L: ivtv: fix broken VBI output s ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 29/84] V4L: ivtv: fix DMA timeout when ca ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 30/84] V4L: ivtv: Add locking to ensure s ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 31/84] V4L: wm8775/wm8739: Fix memory lea ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 32/84] Input: lifebook - fix an oops on P ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 33/84] splice: fix double page unlock, Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 34/84] drm/i915: Fix i965 secured batchbu ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 35/84] Fix leak on /proc/lockdep_stats, Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 35/84] Fix leak on /proc/lockdep_stats, Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 36/84] CPU online file permission, Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 37/84] Fix user struct leakage with locke ..., Greg KH, (Tue Aug 7, 1:45 pm)
[2.6.22.2 review 38/84] md: handle writes to broken raid10 ..., Greg KH, (Tue Aug 7, 1:46 pm)
[2.6.22.2 review 39/84] md: raid10: fix use-after-free of bio, Greg KH, (Tue Aug 7, 1:46 pm)
[2.6.22.2 review 40/84] pcmcia: give socket time to power down, Greg KH, (Tue Aug 7, 1:46 pm)
[2.6.22.2 review 41/84] Fix leaks on /proc/{*/sched, sched ..., Greg KH, (Tue Aug 7, 1:46 pm)
[2.6.22.2 review 42/84] futex: pass nr_wake2 to futex_wake_op, Greg KH, (Tue Aug 7, 1:46 pm)
[2.6.22.2 review 43/84] &quot;ext4_ext_put_in_cache&quot; uses __u32 ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 44/84] Include serial_reg.h with userspac ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 45/84] dm io: fix panic on large request, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 46/84] i386: HPET, check if the counter works, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 47/84] fw-ohci: fix &quot;scheduling while atomic&quot;, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 48/84] firewire: fix memory leak of fw_re ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 49/84] softmac: Fix ESSID problem, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 50/84] eCryptfs: ecryptfs_setattr() bugfix, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 51/84] nfsd: fix possible read-ahead cach ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 52/84] readahead: MIN_RA_PAGES/MAX_RA_PAG ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 53/84] fs: 9p/conv.c error path fix, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 54/84] forcedeth bug fix: cicada phy, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 55/84] forcedeth bug fix: vitesse phy, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 56/84] forcedeth bug fix: realtek phy, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 57/84] acpi-cpufreq: Proper ReadModifyWri ..., Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 58/84] jbd commit: fix transaction dropping, Greg KH, (Tue Aug 7, 1:47 pm)
[2.6.22.2 review 59/84] jbd2 commit: fix transaction dropping, Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 60/84] hugetlb: fix race in alloc_fresh_h ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 61/84] do not limit locked memory when RL ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 62/84] uml: limit request size on COWed d ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 63/84] sony-laptop: fix bug in event handling, Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 64/84] destroy_workqueue() can livelock, Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 65/84] drivers/video/macmodes.c:mac_find_ ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 66/84] cfq-iosched: fix async queue behaviour, Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 67/84] libata: add FUJITSU MHV2080BH to N ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 68/84] ieee1394: revert &quot;sbp2: enforce 32 ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 69/84] nfsd: fix possible oops on re-inse ..., Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 70/84] dm raid1: fix status, Greg KH, (Tue Aug 7, 1:48 pm)
[2.6.22.2 review 71/84] dm io: fix another panic on large ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 72/84] dm snapshot: permit invalid activation, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 73/84] dm: disable barriers, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 74/84] cr_backlight_probe() allocates too ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 75/84] ACPI: dock: fix opps after dock dr ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 76/84] Hangup TTY before releasing rfcomm_dev, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 77/84] Keep rfcomm_dev on the list until ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 78/84] nf_conntrack: dont track locally g ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 79/84] IPV6: /proc/net/anycast6 unbalance ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 80/84] sysfs: release mutex when kmalloc( ..., Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 81/84] Netfilter: Fix logging regression, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 82/84] USB: fix for ftdi_sio quirk handling, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 83/84] sx: switch subven and subid values, Greg KH, (Tue Aug 7, 1:49 pm)
[2.6.22.2 review 84/84] UML: exports for hostfs, Greg KH, (Tue Aug 7, 1:49 pm)
Re: [2.6.22.2 review 00/84] 2.6.22.2 -stable review, Greg KH, (Tue Aug 7, 2:11 pm)
Re: [2.6.22.2 review 09/84] Fix rfkill IRQ flags., Jan Engelhardt, (Tue Aug 7, 2:37 pm)
Re: [2.6.22.2 review 18/84] Fix sparc32 udelay() rounding ..., Jan Engelhardt, (Tue Aug 7, 2:41 pm)
Re: [2.6.22.2 review 26/84] make timerfd return a u64 and ..., Jan Engelhardt, (Tue Aug 7, 2:44 pm)
Re: [2.6.22.2 review 06/84] Add a PCI ID for santa rosas P ..., Chr, (Tue Aug 7, 4:39 pm)
Re: [2.6.22.2 review 09/84] Fix rfkill IRQ flags., Alexey Dobriyan, (Wed Aug 8, 10:24 pm)
Re: [2.6.22.2 review 06/84] Add a PCI ID for santa rosas P ..., Andrew Morton, (Thu Aug 9, 12:39 pm)