ACK. Unit tested with Adaptec RAID management applications with apparently no issue. Will push this into matrix testing in the coming week.
Sincerely -- Mark Salyzyn > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alan Cox > Sent: Monday, July 23, 2007 9:51 AM > To: [EMAIL PROTECTED]; linux-kernel@vger.kernel.org; > [EMAIL PROTECTED] > Subject: [PATCH] aacraid: Resend, Fix security hole > > On the SCSI layer ioctl path there is no implicit permissions > check for > ioctls (and indeed other drivers implement unprivileged > ioctls). aacraid > however allows all sorts of very admin only things to be done > so should > check. > > Signed-off-by: Alan Cox <[EMAIL PROTECTED]> > > diff -u --new-file --recursive --exclude-from > /usr/src/exclude > linux.vanilla-2.6.23rc1/drivers/scsi/aacraid/linit.c > linux-2.6.23rc1/drivers/scsi/aacraid/linit.c > --- linux.vanilla-2.6.23rc1/drivers/scsi/aacraid/linit.c > 2007-07-23 12:56:12.000000000 +0100 > +++ linux-2.6.23rc1/drivers/scsi/aacraid/linit.c > 2007-07-23 12:57:45.000000000 +0100 > @@ -636,6 +636,8 @@ > static int aac_cfg_ioctl(struct inode *inode, struct file *file, > unsigned int cmd, unsigned long arg) > { > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; > return aac_do_ioctl(file->private_data, cmd, (void > __user *)arg); > } > > @@ -689,6 +691,8 @@ > > static long aac_compat_cfg_ioctl(struct file *file, unsigned > cmd, unsigned long arg) > { > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; > return aac_compat_do_ioctl((struct aac_dev > *)file->private_data, cmd, arg); > } > #endif > - - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
