The patch titled security check for LOOP_SET_CAPACITY has been added to the -mm tree. Its filename is loop-add-ioctl-to-resize-a-loop-device-security-check-for-loop_set_capacity.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: security check for LOOP_SET_CAPACITY From: "J. R. Okajima" <hooanon05@xxxxxxxxxxx> Respoding the comment from Linus Torvalds, LOOP_SET_CAPACITY now requires the device file to be opened for write or CAP_SYS_ADMIN. Signed-off-by: J. R. Okajima <hooanon05@xxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/block/loop.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff -puN drivers/block/loop.c~loop-add-ioctl-to-resize-a-loop-device-security-check-for-loop_set_capacity drivers/block/loop.c --- a/drivers/block/loop.c~loop-add-ioctl-to-resize-a-loop-device-security-check-for-loop_set_capacity +++ a/drivers/block/loop.c @@ -1210,7 +1210,9 @@ static int lo_ioctl(struct block_device err = loop_get_status64(lo, (struct loop_info64 __user *) arg); break; case LOOP_SET_CAPACITY: - err = loop_set_capacity(lo, bdev); + err = -EPERM; + if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) + err = loop_set_capacity(lo, bdev); break; default: err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL; _ Patches currently in -mm which might be from hooanon05@xxxxxxxxxxx are loop-add-ioctl-to-resize-a-loop-device.patch loop-add-ioctl-to-resize-a-loop-device-security-check-for-loop_set_capacity.patch loop-add-ioctl-to-resize-a-loop-device-loop_set_capacity-sector_t-may-be-narrow-for-bit-shfit.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html