Commit 102b5ac6 authored by Dann Frazier's avatar Dann Frazier

* bugfix/aacraid-ioctl-perm-check.patch

  [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
  See CVE-2007-4308

svn path=/dists/etch-security/linux-2.6/; revision=9389
parent 74c25c7b
...@@ -17,8 +17,11 @@ linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low ...@@ -17,8 +17,11 @@ linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low
[SECURITY] Fix overriding the server to force signing on caused by [SECURITY] Fix overriding the server to force signing on caused by
checking the wrong gloal variable. checking the wrong gloal variable.
See CVE-2007-3843 See CVE-2007-3843
* bugfix/aacraid-ioctl-perm-check.patch
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
-- dann frazier <dannf@debian.org> Mon, 27 Aug 2007 23:14:40 -0600 -- dann frazier <dannf@debian.org> Mon, 27 Aug 2007 23:29:31 -0600
linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
......
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
Date: Mon, 23 Jul 2007 13:51:05 +0000 (+0100)
Subject: [SCSI] aacraid: Fix security hole
X-Git-Tag: v2.6.23-rc2~164^2~24
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f
[SCSI] aacraid: Fix security hole
On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.
Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
---
Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf@debian.org>
--- linux-source-2.6.18.orig/drivers/scsi/aacraid/linit.c 2006-09-19 21:42:06.000000000 -0600
+++ linux-source-2.6.18/drivers/scsi/aacraid/linit.c 2007-08-27 23:27:41.805986591 -0600
@@ -536,6 +536,8 @@ static int aac_cfg_open(struct inode *in
static int aac_cfg_ioctl(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long arg)
{
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
}
@@ -589,6 +591,8 @@ static int aac_compat_ioctl(struct scsi_
static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
{
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
}
#endif
...@@ -2,3 +2,4 @@ ...@@ -2,3 +2,4 @@
+ bugfix/cpuset_tasks-underflow.patch + bugfix/cpuset_tasks-underflow.patch
+ bugfix/random-bound-check-ordering.patch + bugfix/random-bound-check-ordering.patch
+ bugfix/cifs-fix-sign-settings.patch + bugfix/cifs-fix-sign-settings.patch
+ bugfix/aacraid-ioctl-perm-check.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment