git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Alan Cox <alan@redhat.com>
	Sun, 9 Dec 2007 18:07:00 +0000 (19:07 +0100)
committer	Adrian Bunk <bunk@kernel.org>
	Sun, 6 Jan 2008 02:19:00 +0000 (04:19 +0200)
commit	0949515eac13172c4754691d2270772c0b195565
tree	4ca3f01151bca16be0e416bc78e71e3d7b765021	tree \| snapshot
parent	3528fed43621960e41fef18a2013dc05801ee707	commit \| diff

[SCSI] aacraid: fix security weakness

Actually there are several but one is trivially fixed

1.  FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.  Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.  It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>