Patch "aacraid: missing capable() check in compat ioctl" has been added to the 3.10-stable tree

Fri, 08 Nov 2013 21:49:46 -0800 

This is a note to let you know that I've just added the patch titled

    aacraid: missing capable() check in compat ioctl

to the 3.10-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     aacraid-missing-capable-check-in-compat-ioctl.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From f856567b930dfcdbc3323261bf77240ccdde01f5 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <[email protected]>
Date: Tue, 29 Oct 2013 22:11:06 +0300
Subject: aacraid: missing capable() check in compat ioctl

From: Dan Carpenter <[email protected]>

commit f856567b930dfcdbc3323261bf77240ccdde01f5 upstream.

In commit d496f94d22d1 ('[SCSI] aacraid: fix security weakness') we
added a check on CAP_SYS_RAWIO to the ioctl.  The compat ioctls need the
check as well.

Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 drivers/scsi/aacraid/linit.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct a
 static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user 
*arg)
 {
        struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata;
+       if (!capable(CAP_SYS_RAWIO))
+               return -EPERM;
        return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg);
 }
 


Patches currently in stable-queue which might be from [email protected] 
are

queue-3.10/staging-wlags49_h2-buffer-overflow-setting-station-name.patch
queue-3.10/staging-ozwpan-prevent-overflow-in-oz_cdev_write.patch
queue-3.10/aacraid-missing-capable-check-in-compat-ioctl.patch
queue-3.10/staging-bcm-info-leak-in-ioctl.patch
queue-3.10/uml-check-length-in-exitcode_proc_write.patch
queue-3.10/staging-sb105x-info-leak-in-mp_get_count.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to