• R/O
  • HTTP
  • SSH
  • HTTPS

linux-2.4.36: Commit

2.4.36-stable kernel tree


Commit MetaInfo

Revisionc6cd2bb1a74822d28a4c2d26f169b781820168da (tree)
Time2008-02-06 04:32:56
Authordann frazier <dannf@hp.c...>
CommiterWilly Tarreau

Log Message

2.4: [SCSI] aacraid: Fix security hole

This is a 2.4 backport of a linux-2.6 change by Alan Cox.
(commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f)

It has been build-tested only (I don't have the hardware).
CVE-2007-4308 was assigned for this issue.

Commit log from 2.6 follows.

On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.

Change Summary

Incremental Difference

--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -683,6 +683,8 @@ static int aac_cfg_release(struct inode * inode, struct file * file )
683683 static int aac_cfg_ioctl(struct inode * inode, struct file * file, unsigned int cmd, unsigned long arg )
684684 {
685685 struct aac_dev *dev = aac_devices[MINOR(inode->i_rdev)];
686+ if (!capable(CAP_SYS_ADMIN))
687+ return -EPERM;
686688 return aac_do_ioctl(dev, cmd, (void *)arg);
687689 }
688690
Show on old repository browser