From patchwork Sat Nov 4 18:59:13 2017
X-Patchwork-Submitter: Aleksa Sarai
X-Patchwork-Id: 10041675
From: Aleksa Sarai
To: "James E.J. Bottomley", "Martin K. Petersen"
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Valentin Rothberg, cyphar@cyphar.com, Aleksa Sarai, stable@vger.kernel.org, "Eric W. Biederman"
Subject: [PATCH] scsi: require CAP_SYS_ADMIN to write to procfs interface
Date: Sun, 5 Nov 2017 05:59:13 +1100
Message-Id: <20171104185913.10658-1-asarai@suse.de>

Previously, the only capability effectively required to operate on the /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, having an fsuid of GLOBAL_ROOT_UID was enough). This means that semi-privileged processes could interfere with core components of a system (such as causing a DoS by removing the underlying SCSI device of the host's / mount).

Cc:
Cc: "Eric W. Biederman"
Signed-off-by: Aleksa Sarai
--- drivers/scsi/scsi_proc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c index 480a597b3877..486aedce2f05 100644 --- a/drivers/scsi/scsi_proc.c +++ b/drivers/scsi/scsi_proc.c @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, struct Scsi_Host *shost = PDE_DATA(file_inode(file)); ssize_t ret = -ENOMEM; char *page; - + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM + if (count > PROC_BLOCK_SIZE) return -EOVERFLOW; @@ -313,6 +316,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf, char *buffer, *p; int err; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (!buf || length > PAGE_SIZE) return -EINVAL;
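
Review bot: In the proc_scsi_host_write() hunk, the added "return -EPERM" has no terminating semicolon, so the statement runs into the following "if (count > PROC_BLOCK_SIZE)" and the file will not build; it should read "return -EPERM;" as in the proc_scsi_write() hunk. The same hunk also deletes the blank line after "char *page;" and adds a blank-looking line back, which looks like a whitespace-only change; dropping it would keep the diff limited to the capability check.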
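
Review bot: In the proc_scsi_write() hunk, capable(CAP_SYS_ADMIN) is evaluated inside the write handler, so it tests the credentials of whichever task calls write() rather than the task that opened the file, and an already-open descriptor inherited by or passed to a more privileged task would be judged on that task's capabilities. Consider checking the opener's credentials instead, for example file_ns_capable(file, &init_user_ns, CAP_SYS_ADMIN), or enforcing the requirement at open time, and apply the same choice to proc_scsi_host_write(). A short comment above the check saying why CAP_DAC_OVERRIDE is not sufficient for this interface would also help future readers.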