On 11/05/2017 01:56 PM, Aleksa Sarai wrote:
Previously, the only capability effectively required to operate on the /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, having an fsuid of GLOBAL_ROOT_UID was enough). This means that semi-privileged processes could interfere with core components of a system (such as causing a DoS by removing the underlying SCSI device of the host's / mount).
An alternative to this patch would be to make the open(2) call fail, if you try to open it write-only or read-write. Not sure which would be preferred (should it be possible to pass /proc/scsi/scsi to a semi-privileged process to write to?).
-- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/
