The SG_IO ioctl's command whitelist is designed for MMC devices (roughly, "play/burn CDs without requiring root") but some opcodes overlap across SCSI device classes and have different meanings for different classes.
To fix this, use different bitmaps for the various device classes. This is CVE-2012-4542.

v2->v3: patches are now split differently, according to Tejun's indications; added conflict on operation code A4h.

Paolo Bonzini (4):
  sg_io: pass request_queue to blk_verify_command
  sg_io: prepare to introduce per-class command filters
  sg_io: use different default filters for each device class
  sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542)

 block/bsg.c              |   2 +-
 block/scsi_ioctl.c       | 193 +++++++++++++++++++++++++++--------------------
 drivers/scsi/scsi_scan.c |   2 +
 drivers/scsi/sg.c        |   3 +-
 include/linux/blkdev.h   |   5 +-
 5 files changed, 118 insertions(+), 87 deletions(-)

--
1.8.1.4
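
The per-class filtering idea described in the cover letter above, as an added user-space sketch that is not code from this patch series or from the kernel. The names cmd_filter, filter_init and filter_allows, the privileged flag and the small policy are assumptions made for illustration; only the device-type and opcode values are standard SCSI numbers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* SCSI peripheral device types and opcodes; the policy below is constructed. */
enum { TYPE_DISK = 0x00, TYPE_ROM = 0x05, NUM_TYPES = 0x20 };
enum { OP_TEST_UNIT_READY = 0x00, OP_READ_10 = 0x28, OP_A4 = 0xA4 };

struct cmd_filter {                    /* hypothetical name */
    uint8_t read_ok[NUM_TYPES][32];    /* allowed on a read-only open */
    uint8_t write_ok[NUM_TYPES][32];   /* also allowed on a writable open */
};

static void allow(uint8_t map[NUM_TYPES][32], uint32_t type_mask, uint8_t op)
{
    for (unsigned t = 0; t < NUM_TYPES; t++)
        if (type_mask & (UINT32_C(1) << t))
            map[t][op >> 3] |= (uint8_t)(1u << (op & 7));
}

static bool bit_set(const uint8_t map[NUM_TYPES][32], unsigned t, uint8_t op)
{
    return (map[t][op >> 3] & (1u << (op & 7))) != 0;
}

void filter_init(struct cmd_filter *f)
{
    memset(f, 0, sizeof(*f));
    allow(f->read_ok, UINT32_MAX, OP_TEST_UNIT_READY);
    allow(f->read_ok, (1u << TYPE_DISK) | (1u << TYPE_ROM), OP_READ_10);
    /* A4h is REPORT KEY on MMC devices, MAINTENANCE OUT on other classes. */
    allow(f->write_ok, 1u << TYPE_ROM, OP_A4);
}

bool filter_allows(const struct cmd_filter *f, unsigned type, uint8_t op,
                   bool writable, bool privileged)
{
    if (privileged)                    /* stands in for a capability check */
        return true;
    return type < NUM_TYPES && (bit_set(f->read_ok, type, op) ||
           (writable && bit_set(f->write_ok, type, op)));
}

int main(void)
{
    struct cmd_filter f;
    filter_init(&f);
    return filter_allows(&f, TYPE_DISK, OP_A4, true, false); /* 0: refused */
}
```

With a single shared bitmap, allowing A4h for CD/DVD use would allow it on every class; indexing the bitmap by device type keeps the two meanings of the opcode apart.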