aboutsummaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorAlan Cox <alan@lxorguk.ukuu.org.uk>2007-11-07 23:58:10 +0000
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2007-11-11 17:35:48 -0600
commit5f78e89b5f7041895c4820be5c000792243b634f (patch)
tree77e077ea2c470dd0c8c40434ca8b8134f81264b4 /fs
parente6096963d2125294f736df4fc37f4226d0b4d178 (diff)
[SCSI] aacraid: fix security weakness
Actually there are several but one is trivially fixed 1. FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list but needs to 2. Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB 3. It is possible to construct an attack via the SRB ioctls where the user obtains assorted elevated privileges. Various approaches are possible, the trivial ones being things like writing to the raw media via scsi commands and the swap image of other executing programs with higher privileges. So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating ones. This is a bandaid fix for #3 but probably the ioctls should grow their own capable checks. The other two bugs need someone competent in that driver to fix them. Signed-off-by: Alan Cox <alan@redhat.com> Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions