Message ID | 20171104185913.10658-1-asarai@suse.de (mailing list archive) |
---|---|
State | Superseded |
On 11/04/2017 11:59 AM, Aleksa Sarai wrote: > Previously, the only capability effectively required to operate on the > /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, > having an fsuid of GLOBAL_ROOT_UID was enough). This means that > semi-privileged processes could interfere with core components of a > system (such as causing a DoS by removing the underlying SCSI device of > the host's / mount). > > Cc: <stable@vger.kernel.org> > Cc: "Eric W. Biederman" <ebiederm@xmission.com> > Signed-off-by: Aleksa Sarai <asarai@suse.de> > --- > drivers/scsi/scsi_proc.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c > index 480a597b3877..486aedce2f05 100644 > --- a/drivers/scsi/scsi_proc.c > +++ b/drivers/scsi/scsi_proc.c > @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, > struct Scsi_Host *shost = PDE_DATA(file_inode(file)); > ssize_t ret = -ENOMEM; > char *page; > - > + > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM did that build without a trailing ';' ? > + > if (count > PROC_BLOCK_SIZE) > return -EOVERFLOW; > > @@ -313,6 +316,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf, > char *buffer, *p; > int err; > > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; > + > if (!buf || length > PAGE_SIZE) > return -EINVAL; > >
>> Previously, the only capability effectively required to operate on the >> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, >> having an fsuid of GLOBAL_ROOT_UID was enough). This means that >> semi-privileged processes could interfere with core components of a >> system (such as causing a DoS by removing the underlying SCSI device of >> the host's / mount). >> >> Cc: <stable@vger.kernel.org> >> Cc: "Eric W. Biederman" <ebiederm@xmission.com> >> Signed-off-by: Aleksa Sarai <asarai@suse.de> >> --- >> drivers/scsi/scsi_proc.c | 8 +++++++- >> 1 file changed, 7 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c >> index 480a597b3877..486aedce2f05 100644 >> --- a/drivers/scsi/scsi_proc.c >> +++ b/drivers/scsi/scsi_proc.c >> @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, >> struct Scsi_Host *shost = PDE_DATA(file_inode(file)); >> ssize_t ret = -ENOMEM; >> char *page; >> - >> + >> + if (!capable(CAP_SYS_ADMIN)) >> + return -EPERM > > did that build without a trailing ';' ? D'oh. Re-sent, thanks.
diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c index 480a597b3877..486aedce2f05 100644 --- a/drivers/scsi/scsi_proc.c +++ b/drivers/scsi/scsi_proc.c @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, struct Scsi_Host *shost = PDE_DATA(file_inode(file)); ssize_t ret = -ENOMEM; char *page; - + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM + if (count > PROC_BLOCK_SIZE) return -EOVERFLOW; @@ -313,6 +316,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf, char *buffer, *p; int err; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (!buf || length > PAGE_SIZE) return -EINVAL;
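Review bot: In the first hunk (proc_scsi_host_write), the added `return -EPERM` has no terminating semicolon, so the statement runs into the following `if (count > PROC_BLOCK_SIZE)` and the file will not compile; it should read `return -EPERM;` as in the second hunk. The same hunk also removes and re-adds the blank line after `char *page;`, which looks like an unrelated whitespace-only change and is better dropped from a patch that is Cc'd to stable.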
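Review bot: In the second hunk (proc_scsi_write), `capable(CAP_SYS_ADMIN)` is evaluated against the task calling write(), not the task that opened the file, so the outcome depends on which process ends up holding the descriptor. If the intent is to gate on the opener, consider doing the check at open time or using `file_ns_capable(file, &init_user_ns, CAP_SYS_ADMIN)`; in either case a short comment saying why CAP_SYS_ADMIN is required would help later readers. The commit message also mentions other files where an fsuid of GLOBAL_ROOT_UID was enough, yet only these two write handlers gain a check, so the description should say whether the remaining /proc/scsi entries are intentionally left unchanged.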
Previously, the only capability effectively required to operate on the /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, having an fsuid of GLOBAL_ROOT_UID was enough). This means that semi-privileged processes could interfere with core components of a system (such as causing a DoS by removing the underlying SCSI device of the host's / mount).

Cc: <stable@vger.kernel.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
 drivers/scsi/scsi_proc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)