[Lucid][CVE-2013-6383] aacraid: missing capable() check in compat ioctl
Luis Henriques
luis.henriques at canonical.com
Thu Dec 12 14:25:45 UTC 2013
From: Dan Carpenter <dan.carpenter at oracle.com>
CVE-2013-6383
BugLink: http://bugs.launchpad.net/bugs/1256094
In commit d496f94d22d1 ('[SCSI] aacraid: fix security weakness') we
added a check on CAP_SYS_RAWIO to the ioctl. The compat ioctls need the
check as well.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Cc: stable at kernel.org
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
(cherry picked from commit f856567b930dfcdbc3323261bf77240ccdde01f5)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/scsi/aacraid/linit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
index 9b97c3e..387872c 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -754,6 +754,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, unsigned cmd, unsigned long
static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
{
struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata;
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg);
}
--
1.8.3.2
More information about the kernel-team
mailing list