Author: dannf
Date: Tue Aug 28 05:31:03 2007
New Revision: 9389
Log:
* bugfix/aacraid-ioctl-perm-check.patch
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/aacraid-ioctl-perm-check.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/13etch2
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Aug 28 05:31:03 2007
@@ -17,8 +17,11 @@
[SECURITY] Fix overriding the server to force signing on caused by
checking the wrong gloal variable.
See CVE-2007-3843
+ * bugfix/aacraid-ioctl-perm-check.patch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
- -- dann frazier <[EMAIL PROTECTED]> Mon, 27 Aug 2007 23:14:40 -0600
+ -- dann frazier <[EMAIL PROTECTED]> Mon, 27 Aug 2007 23:29:31 -0600
linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/aacraid-ioctl-perm-check.patch
==============================================================================
--- (empty file)
+++
dists/etch-security/linux-2.6/debian/patches/bugfix/aacraid-ioctl-perm-check.patch
Tue Aug 28 05:31:03 2007
@@ -0,0 +1,40 @@
+From: Alan Cox <[EMAIL PROTECTED]>
+Date: Mon, 23 Jul 2007 13:51:05 +0000 (+0100)
+Subject: [SCSI] aacraid: Fix security hole
+X-Git-Tag: v2.6.23-rc2~164^2~24
+X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f
+
+[SCSI] aacraid: Fix security hole
+
+On the SCSI layer ioctl path there is no implicit permissions check for
+ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
+however allows all sorts of very admin only things to be done so should
+check.
+
+Signed-off-by: Alan Cox <[EMAIL PROTECTED]>
+Acked-by: "Salyzyn, Mark" <[EMAIL PROTECTED]>
+Signed-off-by: James Bottomley <[EMAIL PROTECTED]>
+---
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <[EMAIL PROTECTED]>
+
+--- linux-source-2.6.18.orig/drivers/scsi/aacraid/linit.c 2006-09-19
21:42:06.000000000 -0600
++++ linux-source-2.6.18/drivers/scsi/aacraid/linit.c 2007-08-27
23:27:41.805986591 -0600
+@@ -536,6 +536,8 @@ static int aac_cfg_open(struct inode *in
+ static int aac_cfg_ioctl(struct inode *inode, struct file *file,
+ unsigned int cmd, unsigned long arg)
+ {
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
+ return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
+ }
+
+@@ -589,6 +591,8 @@ static int aac_compat_ioctl(struct scsi_
+
+ static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned
long arg)
+ {
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
+ return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd,
arg);
+ }
+ #endif
Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch2 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch2 Tue Aug 28
05:31:03 2007
@@ -2,3 +2,4 @@
+ bugfix/cpuset_tasks-underflow.patch
+ bugfix/random-bound-check-ordering.patch
+ bugfix/cifs-fix-sign-settings.patch
++ bugfix/aacraid-ioctl-perm-check.patch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
