[kernel] r14677 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Nov 25 05:21:46 UTC 2009
Author: dannf
Date: Wed Nov 25 05:21:43 2009
New Revision: 14677
Log:
[SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
(CVE-2009-3889)
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/series/21
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog Wed Nov 25 05:03:42 2009 (r14676)
+++ dists/lenny/linux-2.6/debian/changelog Wed Nov 25 05:21:43 2009 (r14677)
@@ -22,6 +22,8 @@
* [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
* NFSv4: Fix a problem whereby a buggy server can oops the kernel
(CVE-2009-3726)
+ * [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
+ (CVE-2009-3889)
-- Ben Hutchings <ben at decadent.org.uk> Sat, 24 Oct 2009 23:45:45 +0100
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch Wed Nov 25 05:21:43 2009 (r14677)
@@ -0,0 +1,31 @@
+commit 66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46
+Author: Joe Malicki <jmalicki at metacarta.com>
+Date: Thu Aug 14 17:14:48 2008 -0400
+
+ [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
+
+ /sys/bus/pci/drivers/megaraid_sas/dbg_lvl defaults to being
+ world-writable, which seems bad (letting any user affect kernel driver
+ behavior and logging level).
+
+ This turns off group and user write permissions, so that on typical
+ production systems only root can write to it.
+
+ [jejb: fix up rejections]
+ Signed-off-by: Joseph Malicki <jmalicki at metacarta.com>
+ Acked-by: "Yang, Bo" <Bo.Yang at lsi.com>
+ Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
+
+diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c
+index 870dc1c..97b7633 100644
+--- a/drivers/scsi/megaraid/megaraid_sas.c
++++ b/drivers/scsi/megaraid/megaraid_sas.c
+@@ -3405,7 +3405,7 @@ megasas_sysfs_set_dbg_lvl(struct device_driver *dd, const char *buf, size_t coun
+ return retval;
+ }
+
+-static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUGO, megasas_sysfs_show_dbg_lvl,
++static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUSR, megasas_sysfs_show_dbg_lvl,
+ megasas_sysfs_set_dbg_lvl);
+
+ static ssize_t
Modified: dists/lenny/linux-2.6/debian/patches/series/21
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/21 Wed Nov 25 05:03:42 2009 (r14676)
+++ dists/lenny/linux-2.6/debian/patches/series/21 Wed Nov 25 05:21:43 2009 (r14677)
@@ -30,3 +30,4 @@
+ features/all/igb-add-82576-MAC-support.patch
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
++ bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
More information about the Kernel-svn-changes
mailing list