Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f Commit: 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f Parent: 1079ddcb07e0c39b576cd60174ca00ed9545c163 Author: Alan Cox <[EMAIL PROTECTED]> AuthorDate: Mon Jul 23 14:51:05 2007 +0100 Committer: James Bottomley <[EMAIL PROTECTED]> CommitDate: Mon Jul 23 16:52:30 2007 -0500
[SCSI] aacraid: Fix security hole On the SCSI layer ioctl path there is no implicit permissions check for ioctls (and indeed other drivers implement unprivileged ioctls). aacraid however allows all sorts of very admin only things to be done so should check. Signed-off-by: Alan Cox <[EMAIL PROTECTED]> Acked-by: "Salyzyn, Mark" <[EMAIL PROTECTED]> Signed-off-by: James Bottomley <[EMAIL PROTECTED]> --- drivers/scsi/aacraid/linit.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index d76e1a8..c709dc8 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -636,6 +636,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file) static int aac_cfg_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) { + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; return aac_do_ioctl(file->private_data, cmd, (void __user *)arg); } @@ -689,6 +691,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg) { + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg); } #endif - To unsubscribe from this list: send the line "unsubscribe git-commits-head" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html