Commit 33aff30a authored by Alan Cox's avatar Alan Cox Committed by Greg Kroah-Hartman

aacraid: fix security hole

On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.
Signed-off-by: default avatarAlan Cox <alan@redhat.com>
Acked-by: default avatarMark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 08fa53b3
...@@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file) ...@@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file)
static int aac_cfg_ioctl(struct inode *inode, struct file *file, static int aac_cfg_ioctl(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long arg) unsigned int cmd, unsigned long arg)
{ {
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
return aac_do_ioctl(file->private_data, cmd, (void __user *)arg); return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
} }
...@@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) ...@@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg) static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
{ {
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg); return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
} }
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment