Received: by 10.223.164.197 with SMTP id h5csp601032wrb; Sat, 4 Nov 2017 19:58:04 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Sr8DE/gzz0RIBl2PWd8lvJxdTTgNXRVuZNvmNR2D7ti0OFb1RGlmCUEDKop2hYK6HfyCIT X-Received: by 10.99.95.14 with SMTP id t14mr11629442pgb.70.1509850683986; Sat, 04 Nov 2017 19:58:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509850683; cv=none; d=google.com; s=arc-20160816; b=Of/CgyP3ndUJrieA6dSvDhh9xcUc8MA+brd3ToD9Kvfmq/laOze4aamK1PyJpXukL3 VY3Y8GC3WcYLK526NPUPBbJ6k7PuB4VEycqwFaI7zcU4NmgdkmTXg2HfUm//YiUmTD1z B17NMhEV6Pulp2NFFCbV5SFFTMF5IyWf0ofyewl9MVQqU4lIkkjY4z1kTGE8kDQW3wfN uGz6gqU2A/EpPINoKVs1g8oCVgWaEjkk5BMxNi9thiFHGgHIudW2iPQAYbF+vJ3fwz/L rV193MyryrW5bevPZmK+EU4dNvbQ/LLQM6oPBShgAk6oeMR1/0AE5rTTc37SELl+pjPq k1Yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=Fi/1sLXgJq/RdhlJBle0ak3c9WuvX4FKaK06tAcfslQ=; b=KG3zo5k1nK2lTgXebw0E8hlIvVKhadeD6onMQduyxeN17nweaYgcsqPSEKl3VEnqQ5 ou3QIhhvTZN2+IDTFy7FPtzRRegwcsqwhW+hmsN8fRst7N2VanvYyShHlRBTobPrLrUA 529jFtljSt8aXdELMPTdvNFrs7sBWQzN+F4VXDjm/uVArrcfhO8FC9FEYDcNNRQrc65R esj3ZHEZ1SYU2NSMulPx/jWHYzPR9bfaXXpcV2HH6ikXBaa3j0sCiOQ5xHNGqv91Ihle /tbKeFHB6+Gg0SL6mEqp62mTstYtaYiQ7aoGpuOfS6r8NcnaH7JUlne4DKlyw2QC2A0z xjgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o18si8961778pgv.570.2017.11.04.19.57.41; Sat, 04 Nov 2017 19:58:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752544AbdKEC4p (ORCPT + 94 others); Sat, 4 Nov 2017 22:56:45 -0400 Received: from mx2.suse.de ([195.135.220.15]:46302 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751613AbdKEC4n (ORCPT ); Sat, 4 Nov 2017 22:56:43 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 04887AAAD; Sun, 5 Nov 2017 02:56:41 +0000 (UTC) From: Aleksa Sarai To: "James E.J. Bottomley" , "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Valentin Rothberg , cyphar@cyphar.com, Aleksa Sarai , stable@vger.kernel.org, "Eric W. Biederman" Subject: [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface Date: Sun, 5 Nov 2017 13:56:35 +1100 Message-Id: <20171105025635.10843-1-asarai@suse.de> X-Mailer: git-send-email 2.14.3 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Previously, the only capability effectively required to operate on the /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, having an fsuid of GLOBAL_ROOT_UID was enough). This means that semi-privileged processes could interfere with core components of a system (such as causing a DoS by removing the underlying SCSI device of the host's / mount). Cc: Cc: "Eric W. Biederman" Signed-off-by: Aleksa Sarai --- drivers/scsi/scsi_proc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c index 480a597b3877..05d70e200c5f 100644 --- a/drivers/scsi/scsi_proc.c +++ b/drivers/scsi/scsi_proc.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -51,7 +52,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, struct Scsi_Host *shost = PDE_DATA(file_inode(file)); ssize_t ret = -ENOMEM; char *page; - + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (count > PROC_BLOCK_SIZE) return -EOVERFLOW; @@ -313,6 +317,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf, char *buffer, *p; int err; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (!buf || length > PAGE_SIZE) return -EINVAL; -- 2.14.3 From 1583716805683113898@xxx Fri Nov 10 21:40:42 +0000 2017 X-GM-THRID: 1583716805683113898 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread