| From 719be62903a6e6419789557cb3ed0e840d3e4ca9 Mon Sep 17 00:00:00 2001 |
| From: Alan Cox <alan@lxorguk.ukuu.org.uk> |
| Date: Mon, 23 Jul 2007 14:51:05 +0100 |
| Subject: [PATCH] aacraid: fix security hole |
| |
| From: Alan Cox <alan@lxorguk.ukuu.org.uk> |
| |
| On the SCSI layer ioctl path there is no implicit permissions check for |
| ioctls (and indeed other drivers implement unprivileged ioctls). aacraid |
| however allows all sorts of very admin only things to be done so should |
| check. |
| |
| Signed-off-by: Alan Cox <alan@redhat.com> |
| Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/aacraid/linit.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/drivers/scsi/aacraid/linit.c |
| +++ b/drivers/scsi/aacraid/linit.c |
| @@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *in |
| static int aac_cfg_ioctl(struct inode *inode, struct file *file, |
| unsigned int cmd, unsigned long arg) |
| { |
| + if (!capable(CAP_SYS_ADMIN)) |
| + return -EPERM; |
| return aac_do_ioctl(file->private_data, cmd, (void __user *)arg); |
| } |
| |
| @@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_ |
| |
| static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg) |
| { |
| + if (!capable(CAP_SYS_ADMIN)) |
| + return -EPERM; |
| return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg); |
| } |
| #endif |
