OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/drivers
History
Alan Cox d496f94d22 [SCSI] aacraid: fix security weakness 
Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
 		2008-01-23 11:29:27 -06:00
..
acorn/char
acpi Pull bugzilla-9362 into release branch 2007-12-14 15:14:52 -05:00
amba
ata [SCSI] libata: fix corruption induced by relaxed DMA alignment in SCSI 2008-01-23 11:27:54 -06:00
atm [ATM]: [nicstar] delay irq setup until card is configured 2008-01-08 23:30:01 -08:00
auxdisplay
base [SCSI] attribute_container: update to use the group interface 2008-01-23 11:29:17 -06:00
block loop: fix bad bio_alloc() nr_iovec request 2008-01-11 10:14:40 +01:00
bluetooth
cdrom
char pl2303: Fix mode switching regression 2008-01-08 16:16:34 -08:00
clocksource
connector [CONNECTOR]: Don't touch queue dev after decrement of ref count. 2008-01-08 23:44:44 -08:00
cpufreq drivers/cpufreq/cpufreq_stats.c section fix 2007-12-17 19:28:16 -08:00
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2008-01-10 16:09:34 -08:00
dca
dio
dma I/OAT: fix null device in call to dev_err() 2007-12-17 19:28:17 -08:00
edac i5000_edac: no need to __stringify() KBUILD_BASENAME 2007-11-14 18:45:41 -08:00
eisa
firewire [SCSI] relax scsi dma alignment 2008-01-11 18:29:22 -06:00
firmware dmi-id: fix for __you_cannot_kmalloc_that_much failure 2008-01-08 16:10:36 -08:00
hid
hwmon hwmon: (w83627ehf) Be more careful when changing VID input level 2008-01-03 07:33:31 -05:00
i2c i2c/isp1301_omap: Build fix 2007-12-12 13:45:25 +01:00
ide IDE: terminate ACPI DMI list 2008-01-11 11:42:07 -08:00
ieee1394 [SCSI] relax scsi dma alignment 2008-01-11 18:29:22 -06:00
infiniband [SCSI] iscsi: convert xmit path to iscsi chunks 2008-01-11 18:28:42 -06:00
input spi: use simplified spi_sync() calling convention 2007-12-05 09:21:19 -08:00
isdn [ISDN]: i4l: Fix DLE handling for i4l-audio 2008-01-04 03:55:44 -08:00
kvm KVM: SVM: Fix FPU leak while emulating clts 2007-11-27 15:38:18 +02:00
leds leds: Fix locomo LED driver oops 2007-12-31 23:11:11 +00:00
lguest virtio: fix module/device unloading 2007-11-19 11:20:42 +11:00
macintosh drivers/macintosh/via-pmu.c: Added a missing iounmap 2007-12-17 19:28:16 -08:00
mca
md md: fix data corruption when a degraded raid5 array is reshaped 2008-01-08 16:10:35 -08:00
media V4L/DVB (7001): av7110: fix section mismatch 2008-01-11 15:02:25 -02:00
message [SCSI] replace sizeof sense_buffer with SCSI_SENSE_BUFFERSIZE 2008-01-23 11:29:27 -06:00
mfd MFD: SM501 debug typo fix 2007-11-29 09:24:53 -08:00
misc ACPI: thinkpad-acpi: fix lenovo keymap for brightness 2007-12-13 21:59:59 -05:00
mmc sdhci: support JMicron JMB38x chips 2007-12-12 20:01:00 +01:00
mtd cache invalidation error for buffered write 2008-01-11 11:44:37 -08:00
net [FORCEDETH]: Fix reversing the MAC address on suspend. 2008-01-08 23:30:20 -08:00
nubus
of
oprofile oProfile: oops when profile_pc() returns ~0LU 2007-11-14 18:45:37 -08:00
parisc [PARISC] lba_pci: pci_claim_resources disabled expansion roms 2007-12-06 09:38:26 -08:00
parport parport: "dev->timeslice" is an unsigned long, not an int 2007-12-17 19:28:15 -08:00
pci [PCI] Do not enable CRS Software Visibility by default 2007-12-27 21:21:36 -08:00
pcmcia pcmcia: remove pxa2xx_lubbock build warning 2007-12-23 12:54:37 -08:00
pnp drivers/pnp/resource.c: Add missing pci_dev_put 2007-11-29 09:24:52 -08:00
power
ps3 ps3: vuart: fix error path locking 2007-12-23 12:54:37 -08:00
rapidio
rtc rtc-at32ap700x: fix irq init oops 2007-12-17 19:28:15 -08:00
s390 [SCSI] zfcp: Hold queue lock when checking port/unit handle for task management cmd 2008-01-11 18:29:07 -06:00
sbus [WATCHDOG] Sbus: cpwatchdog, remove SPIN_LOCK_UNLOCKED 2007-11-19 21:09:52 +00:00
scsi [SCSI] aacraid: fix security weakness 2008-01-23 11:29:27 -06:00
serial [SERIAL]: Fix section mismatches in Sun serial console drivers. 2007-12-29 01:19:49 -08:00
sh
sn
spi spi_bitbang: always grab lock with irqs blocked 2008-01-08 16:10:35 -08:00
ssb ssb: Fix probing of PCI cores if PCI and PCIE core is available 2008-01-08 23:30:10 -08:00
tc
telephony
uio
usb [SCSI] relax scsi dma alignment 2008-01-11 18:29:22 -06:00
video ps3fb: fix deadlock on kexec() 2008-01-11 11:47:43 -08:00
virtio virtio: fix module/device unloading 2007-11-19 11:20:42 +11:00
w1 W1: fix memset size error 2007-11-14 18:45:36 -08:00
watchdog [WATCHDOG] add Nano 7240 driver 2007-12-04 16:48:06 +00:00
xen
zorro Amiga zorro bus: Add missing zorro_device_remove() 2007-11-26 19:15:31 -08:00
Kconfig
Makefile