2009-12-03 00:40:56

by Casey Dahlin

[permalink] [raw]
Subject: [PATCH] [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions

From: Bryn M. Reeves <[email protected]>

/sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
world-writable, which seems bad (letting any user affect kernel driver
behavior).

This turns off group and user write permissions, so that on typical
production systems only root can write to it.

Signed-off-by: Bryn M. Reeves <[email protected]>
Signed-off-by: Casey Dahlin <[email protected]>
---
drivers/scsi/megaraid/megaraid_sas.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c
index a39addc..08a7f49 100644
--- a/drivers/scsi/megaraid/megaraid_sas.c
+++ b/drivers/scsi/megaraid/megaraid_sas.c
@@ -3451,7 +3451,7 @@ out:
return retval;
}

-static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUGO,
+static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUSR,
megasas_sysfs_show_poll_mode_io,
megasas_sysfs_set_poll_mode_io);

--
1.6.2.5


2009-12-03 00:08:39

by Eugene Teo

[permalink] [raw]
Subject: Re: [PATCH] [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions

On 12/02/2009 11:17 PM, Casey Dahlin wrote:
> From: Bryn M. Reeves<[email protected]>
>
> /sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
> world-writable, which seems bad (letting any user affect kernel driver
> behavior).
>
> This turns off group and user write permissions, so that on typical
> production systems only root can write to it.
>
> Signed-off-by: Bryn M. Reeves<[email protected]>
> Signed-off-by: Casey Dahlin<[email protected]>

CC: Eugene Teo <[email protected]>

The subject should read: megaraid_sas: remove poll_mode_io world
writeable permissions instead, and this has been assigned with
CVE-2009-3939.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

2009-12-03 15:18:51

by Yang, Bo

[permalink] [raw]
Subject: RE: [PATCH] [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions

How do you turn on poll_mode_io?

Thanks,

Bo Yang

________________________________________
From: Eugene Teo [[email protected]]
Sent: Wednesday, December 02, 2009 7:08 PM
To: Casey Dahlin
Cc: [email protected]; Bryn M. Reeves; DL-MegaRAID Linux; James E.J. Bottomley; Andrew Morton; Yang Hongyang; Anand Gadiyar; Jiri Kosina; [email protected]
Subject: Re: [PATCH] [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions

On 12/02/2009 11:17 PM, Casey Dahlin wrote:
> From: Bryn M. Reeves<[email protected]>
>
> /sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
> world-writable, which seems bad (letting any user affect kernel driver
> behavior).
>
> This turns off group and user write permissions, so that on typical
> production systems only root can write to it.
>
> Signed-off-by: Bryn M. Reeves<[email protected]>
> Signed-off-by: Casey Dahlin<[email protected]>

CC: Eugene Teo <[email protected]>

The subject should read: megaraid_sas: remove poll_mode_io world
writeable permissions instead, and this has been assigned with
CVE-2009-3939.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team-

2009-12-04 13:38:27

by Bryn M. Reeves

[permalink] [raw]
Subject: RE: [PATCH] [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions

On Thu, 2009-12-03 at 08:01 -0700, Yang, Bo wrote:
> How do you turn on poll_mode_io?

Write to the file as root?

Bryn.