Previously, the only capability effectively required to operate on the /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, having an fsuid of GLOBAL_ROOT_UID was enough). This means that semi-privileged processes could interfere with core components of a system (such as causing a DoS by removing the underlying SCSI device of the host's / mount). Cc: <stable@xxxxxxxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Signed-off-by: Aleksa Sarai <asarai@xxxxxxx> --- drivers/scsi/scsi_proc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c index 480a597b3877..486aedce2f05 100644 --- a/drivers/scsi/scsi_proc.c +++ b/drivers/scsi/scsi_proc.c @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf, struct Scsi_Host *shost = PDE_DATA(file_inode(file)); ssize_t ret = -ENOMEM; char *page; - + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM + if (count > PROC_BLOCK_SIZE) return -EOVERFLOW; @@ -313,6 +316,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf, char *buffer, *p; int err; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (!buf || length > PAGE_SIZE) return -EINVAL; -- 2.14.3
