[kernel] r10560 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Feb 17 18:29:23 UTC 2008
Author: dannf
Date: Sun Feb 17 18:29:22 2008
New Revision: 10560
Log:
* 262_aacraid-ioctl-perm-check.diff
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sun Feb 17 18:29:22 2008
@@ -70,8 +70,11 @@
incorrectly promoted return values in bad_inode_ops
This patches changes the kernel ABI.
See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
- -- dann frazier <dannf at debian.org> Thu, 14 Feb 2008 14:48:39 -0700
+ -- dann frazier <dannf at debian.org> Thu, 14 Feb 2008 14:51:41 -0700
kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff Sun Feb 17 18:29:22 2008
@@ -0,0 +1,32 @@
+commit c6cd2bb1a74822d28a4c2d26f169b781820168da
+Author: dann frazier <dannf at hp.com>
+Date: Tue Feb 5 03:33:28 2008 -0700
+
+ 2.4: [SCSI] aacraid: Fix security hole
+
+ This is a 2.4 backport of a linux-2.6 change by Alan Cox.
+ (commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f)
+
+ It has been build-tested only (I don't have the hardware).
+ CVE-2007-4308 was assigned for this issue.
+
+ Commit log from 2.6 follows.
+
+ On the SCSI layer ioctl path there is no implicit permissions check for
+ ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
+ however allows all sorts of very admin only things to be done so should
+ check.
+
+diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
+index 57d0a40..c6d7bdf 100644
+--- a/drivers/scsi/aacraid/linit.c
++++ b/drivers/scsi/aacraid/linit.c
+@@ -683,6 +683,8 @@ static int aac_cfg_release(struct inode * inode, struct file * file )
+ static int aac_cfg_ioctl(struct inode * inode, struct file * file, unsigned int cmd, unsigned long arg )
+ {
+ struct aac_dev *dev = aac_devices[MINOR(inode->i_rdev)];
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
+ return aac_do_ioctl(dev, cmd, (void *)arg);
+ }
+
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Sun Feb 17 18:29:22 2008
@@ -21,3 +21,4 @@
+ 259_ext2_readdir-infinite-loop.diff
+ 260_ext2-skip-pages-past-num-blocks.diff
+ 261_listxattr-mem-corruption.diff
++ 262_aacraid-ioctl-perm-check.diff
More information about the Kernel-svn-changes
mailing list