[kernel] r16887 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/bugfix/x86 patches/series

Ben Hutchings benh at alioth.debian.org
Tue Feb 15 02:51:49 UTC 2011


Author: benh
Date: Tue Feb 15 02:51:47 2011
New Revision: 16887

Log:
Restrict write permissions on files in procfs/sysfs

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/net-can-janz-ican3-world-writable-sysfs-termination-.patch
   dists/sid/linux-2.6/debian/patches/bugfix/all/rtc-rtc-ds1511-world-writable-sysfs-nvram-file.patch
   dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-aic94xx-world-writable-sysfs-update_bios-file.patch
   dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-iscsi-world-writable-sysfs-priv_sess-file.patch
   dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-acer-wmi-world-writable-sysfs-threeg-fi.patch
   dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-asus_acpi-world-writable-procfs-files.patch
   dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-tc1100-wmi-world-writable-sysfs-wireles.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/1

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Mon Feb 14 23:40:50 2011	(r16886)
+++ dists/sid/linux-2.6/debian/changelog	Tue Feb 15 02:51:47 2011	(r16887)
@@ -10,6 +10,8 @@
   * Set ABI to 1
   * Add aufs2.1, marked as staging (Closes: #573189, #613248)
   * fs/notify: Enable FANOTIFY (Closes: #599877)
+  * acer-wmi, aic94xx, asus_acpi, iscsi, janz-ican3, rtc-ds1511, tc1100-wmi:
+    Restrict write permissions on files in procfs/sysfs
 
   [ Aurelien Jarno ]
   * [sh4] Export cpu_core_map to fix build failure with CONFIG_SFC=m.

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/net-can-janz-ican3-world-writable-sysfs-termination-.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/net-can-janz-ican3-world-writable-sysfs-termination-.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,30 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Date: Fri, 4 Feb 2011 02:23:53 +0000
+Subject: [PATCH 4/9] net: can: janz-ican3: world-writable sysfs termination file
+
+commit 1e6d93e45b231b3ae87c01902ede2315aacfe976 upstream.
+
+Don't allow everybody to set terminator via sysfs.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/can/janz-ican3.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/net/can/janz-ican3.c b/drivers/net/can/janz-ican3.c
+index b9a6d7a..366f5cc 100644
+--- a/drivers/net/can/janz-ican3.c
++++ b/drivers/net/can/janz-ican3.c
+@@ -1618,7 +1618,7 @@ static ssize_t ican3_sysfs_set_term(struct device *dev,
+ 	return count;
+ }
+ 
+-static DEVICE_ATTR(termination, S_IWUGO | S_IRUGO, ican3_sysfs_show_term,
++static DEVICE_ATTR(termination, S_IWUSR | S_IRUGO, ican3_sysfs_show_term,
+ 						   ican3_sysfs_set_term);
+ 
+ static struct attribute *ican3_sysfs_attrs[] = {
+-- 
+1.7.2.3
+

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/rtc-rtc-ds1511-world-writable-sysfs-nvram-file.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/rtc-rtc-ds1511-world-writable-sysfs-nvram-file.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,29 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Subject: [PATCH 17/20] rtc: rtc-ds1511: world-writable sysfs nvram file
+Date: Fri,  4 Feb 2011 15:24:06 +0300
+
+Don't allow everybogy to write to NVRAM.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+---
+ Compile tested only.
+
+ drivers/rtc/rtc-ds1511.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/rtc/rtc-ds1511.c b/drivers/rtc/rtc-ds1511.c
+index 37268e9..afeb546 100644
+--- a/drivers/rtc/rtc-ds1511.c
++++ b/drivers/rtc/rtc-ds1511.c
+@@ -485,7 +485,7 @@ ds1511_nvram_write(struct file *filp, struct kobject *kobj,
+ static struct bin_attribute ds1511_nvram_attr = {
+ 	.attr = {
+ 		.name = "nvram",
+-		.mode = S_IRUGO | S_IWUGO,
++		.mode = S_IRUGO | S_IWUSR,
+ 	},
+ 	.size = DS1511_RAM_MAX,
+ 	.read = ds1511_nvram_read,
+-- 
+1.7.0.4
+
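Review bot: The header of this patch has no `commit <id> upstream.` line and its notes say "Compile tested only", so nothing on the page shows whether it was accepted upstream or exercised on hardware. The aic94xx and iscsi patches below are in the same state. A provenance line in the header, for example `Origin: <URL of the posted patch>` (placeholder), would let a later maintainer refresh or drop the patch once an upstream commit exists. Separately, `.mode = S_IRUGO | S_IWUSR` still leaves the nvram file readable by every user; if the NVRAM can hold anything sensitive, `S_IRUSR | S_IWUSR` would be the tighter setting. The initializer of ds1511_nvram_attr continues past the end of the hunk.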

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-aic94xx-world-writable-sysfs-update_bios-file.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-aic94xx-world-writable-sysfs-update_bios-file.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,29 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Subject: [PATCH 18/20] scsi: aic94xx: world-writable sysfs update_bios file
+Date: Fri,  4 Feb 2011 15:24:10 +0300
+
+Don't allow everybody to load firmware.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+---
+ Compile tested only.
+
+ drivers/scsi/aic94xx/aic94xx_init.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c
+index 3b7e83d..d5ff142 100644
+--- a/drivers/scsi/aic94xx/aic94xx_init.c
++++ b/drivers/scsi/aic94xx/aic94xx_init.c
+@@ -486,7 +486,7 @@ static ssize_t asd_show_update_bios(struct device *dev,
+ 			flash_error_table[i].reason);
+ }
+ 
+-static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUGO,
++static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUSR,
+ 	asd_show_update_bios, asd_store_update_bios);
+ 
+ static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha)
+-- 
+1.7.0.4
+

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-iscsi-world-writable-sysfs-priv_sess-file.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/scsi-iscsi-world-writable-sysfs-priv_sess-file.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,29 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Subject: [PATCH 19/20] scsi: iscsi: world-writable sysfs priv_sess file
+Date: Fri,  4 Feb 2011 15:24:14 +0300
+
+Don't allow everybody to change iSCSI settings.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+---
+ Compile tested only.
+
+ drivers/scsi/scsi_transport_iscsi.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
+index f905ecb..01543d2 100644
+--- a/drivers/scsi/scsi_transport_iscsi.c
++++ b/drivers/scsi/scsi_transport_iscsi.c
+@@ -1847,7 +1847,7 @@ store_priv_session_##field(struct device *dev,				\
+ #define iscsi_priv_session_rw_attr(field, format)			\
+ 	iscsi_priv_session_attr_show(field, format)			\
+ 	iscsi_priv_session_attr_store(field)				\
+-static ISCSI_CLASS_ATTR(priv_sess, field, S_IRUGO | S_IWUGO,		\
++static ISCSI_CLASS_ATTR(priv_sess, field, S_IRUGO | S_IWUSR,		\
+ 			show_priv_session_##field,			\
+ 			store_priv_session_##field)
+ iscsi_priv_session_rw_attr(recovery_tmo, "%d");
+-- 
+1.7.0.4
+

Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-acer-wmi-world-writable-sysfs-threeg-fi.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-acer-wmi-world-writable-sysfs-threeg-fi.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,30 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Date: Fri, 4 Feb 2011 15:23:56 +0300
+Subject: [PATCH 7/9] platform: x86: acer-wmi: world-writable sysfs threeg file
+
+commit a6414907541a44db0586b894b0f19b3be6457da3 upstream.
+
+Don't allow everybody to write to hardware registers.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+Signed-off-by: Matthew Garrett <mjg at redhat.com>
+---
+ drivers/platform/x86/acer-wmi.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
+index c5c4b8c..a7bcad7 100644
+--- a/drivers/platform/x86/acer-wmi.c
++++ b/drivers/platform/x86/acer-wmi.c
+@@ -1280,7 +1280,7 @@ static ssize_t set_bool_threeg(struct device *dev,
+ 			return -EINVAL;
+ 	return count;
+ }
+-static DEVICE_ATTR(threeg, S_IWUGO | S_IRUGO | S_IWUSR, show_bool_threeg,
++static DEVICE_ATTR(threeg, S_IRUGO | S_IWUSR, show_bool_threeg,
+ 	set_bool_threeg);
+ 
+ static ssize_t show_interface(struct device *dev, struct device_attribute *attr,
+-- 
+1.7.2.3
+

Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-asus_acpi-world-writable-procfs-files.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-asus_acpi-world-writable-procfs-files.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,39 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Date: Fri, 4 Feb 2011 15:23:59 +0300
+Subject: [PATCH 8/9] platform: x86: asus_acpi: world-writable procfs files
+
+commit e75b7eb5716256c52a123a467be25fb5e03fa930 upstream.
+
+Don't allow everybody to change ACPI settings.  The comment says that it
+is done deliberatelly, however, the comment before disp_proc_write()
+says that at least one of these setting is experimental.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+Signed-off-by: Matthew Garrett <mjg at redhat.com>
+---
+ drivers/platform/x86/asus_acpi.c |    8 +-------
+ 1 files changed, 1 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c
+index 4633fd8..fe49593 100644
+--- a/drivers/platform/x86/asus_acpi.c
++++ b/drivers/platform/x86/asus_acpi.c
+@@ -1081,14 +1081,8 @@ static int asus_hotk_add_fs(struct acpi_device *device)
+ 	struct proc_dir_entry *proc;
+ 	mode_t mode;
+ 
+-	/*
+-	 * If parameter uid or gid is not changed, keep the default setting for
+-	 * our proc entries (-rw-rw-rw-) else, it means we care about security,
+-	 * and then set to -rw-rw----
+-	 */
+-
+ 	if ((asus_uid == 0) && (asus_gid == 0)) {
+-		mode = S_IFREG | S_IRUGO | S_IWUGO;
++		mode = S_IFREG | S_IRUGO | S_IWUSR | S_IWGRP;
+ 	} else {
+ 		mode = S_IFREG | S_IRUSR | S_IRGRP | S_IWUSR | S_IWGRP;
+ 		printk(KERN_WARNING "  asus_uid and asus_gid parameters are "
+-- 
+1.7.2.3
+
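Review bot: Removing the comment in asus_hotk_add_fs leaves the two `mode` branches unexplained, and they now differ only in the read bit for others. A replacement such as `/* uid/gid left at 0: -rw-rw-r--; otherwise -rw-rw---- for the configured owner and group */` above the `if` would record the intent. The default branch also keeps `S_IWGRP`, so the proc entries stay group-writable. That is presumably harmless when the group is 0, but it is worth confirming that group write is intended rather than carried over from the `else` branch. The function body begins before the hunk and continues after it, so how `mode` is applied to the entries is not visible here.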

Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-tc1100-wmi-world-writable-sysfs-wireles.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/platform-x86-tc1100-wmi-world-writable-sysfs-wireles.patch	Tue Feb 15 02:51:47 2011	(r16887)
@@ -0,0 +1,30 @@
+From: Vasiliy Kulikov <segoon at openwall.com>
+Date: Fri, 4 Feb 2011 15:24:03 +0300
+Subject: [PATCH 9/9] platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files
+
+commit 9f6c8b9930b72876dbd934e8563818cfb5e481e2 upstream.
+
+Don't allow everybody to change WMI settings.
+
+Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+Signed-off-by: Matthew Garrett <mjg at redhat.com>
+---
+ drivers/platform/x86/tc1100-wmi.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/platform/x86/tc1100-wmi.c b/drivers/platform/x86/tc1100-wmi.c
+index 1fe0f1f..865ef78 100644
+--- a/drivers/platform/x86/tc1100-wmi.c
++++ b/drivers/platform/x86/tc1100-wmi.c
+@@ -162,7 +162,7 @@ set_bool_##value(struct device *dev, struct device_attribute *attr, \
+ 			return -EINVAL; \
+ 	return count; \
+ } \
+-static DEVICE_ATTR(value, S_IWUGO | S_IRUGO | S_IWUSR, \
++static DEVICE_ATTR(value, S_IRUGO | S_IWUSR, \
+ 	show_bool_##value, set_bool_##value);
+ 
+ show_set_bool(wireless, TC1100_INSTANCE_WIRELESS);
+-- 
+1.7.2.3
+

Modified: dists/sid/linux-2.6/debian/patches/series/1
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/1	Mon Feb 14 23:40:50 2011	(r16886)
+++ dists/sid/linux-2.6/debian/patches/series/1	Tue Feb 15 02:51:47 2011	(r16887)
@@ -14,3 +14,11 @@
 + features/all/aufs2/aufs2-add.patch
 # mark as staging/crap
 + features/all/aufs2/mark-as-staging.patch
+
++ bugfix/all/net-can-janz-ican3-world-writable-sysfs-termination-.patch
++ bugfix/x86/platform-x86-acer-wmi-world-writable-sysfs-threeg-fi.patch
++ bugfix/x86/platform-x86-asus_acpi-world-writable-procfs-files.patch
++ bugfix/x86/platform-x86-tc1100-wmi-world-writable-sysfs-wireles.patch
++ bugfix/all/rtc-rtc-ds1511-world-writable-sysfs-nvram-file.patch
++ bugfix/all/scsi-aic94xx-world-writable-sysfs-update_bios-file.patch
++ bugfix/all/scsi-iscsi-world-writable-sysfs-priv_sess-file.patch


