Capabilities issue in firmware loader

From: Oliver Neukum
Date: Fri Sep 24 2004 - 13:16:08 EST

Next message: Lennert Buytenhek: "Re: The ultimate TOE design"
Previous message: John Cherry: "Re: 2.6.9-rc2-mm3 (compile stats)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

the firmware loader has a security issue. Firmware on some devices can
write to all memory through DMA. Therefore the ability to feed firmware
to the kernel is equivalent to writing to /dev/kmem. CAP_SYS_RAWIO is
needed to protect itself.
Please apply.

Regards
Oliver

Signed-Off-By: Oliver Neukum <oliver@xxxxxxxxxxx>

You can import this changeset into BK by piping this whole message to:
'| bk receive [path to repository]' or apply the patch as usual.

===================================================================

ChangeSet@xxxxxx, 2004-09-23 17:40:42+02:00, oliver@xxxxxxxxxxxxxxxxxxxx
- require CAP_SYS_RAWIO to change firmware

firmware_class.c | 2 ++
1 files changed, 2 insertions(+)

diff -Nru a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
--- a/drivers/base/firmware_class.c Thu Sep 23 18:57:32 2004
+++ b/drivers/base/firmware_class.c Thu Sep 23 18:57:32 2004
@@ -235,6 +235,8 @@
struct firmware *fw;
ssize_t retval;

+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
down(&fw_lock);
fw = fw_priv->fw;
if (test_bit(FW_STATUS_DONE, &fw_priv->status)) {

===================================================================

This BitKeeper patch contains the following changesets:
1.1948
## Wrapped with gzip_uu ##

M'XL( 'P 4T$ \V4;6O;,!2%/T>_0J-?6DIL75E^'1G)LK*5;30D*V.4$A3Y
M-C9UK%9RFA7\XR=GM%U@9-W88)8QZ,5'.N<^Z(">6S193U?E'1IR0-]IV[@N
MUKI&K] KK,IZ_=739NDFIUJ[2;\;]G55E=S_9!"MO]'FFD?$K9C(1A742=FL
M!U[P.-+<WV#6FYZ\/?\PFA(R&-!Q(>LESK"A@P%IM+F356Z'LBDJ77N-D;5=
M82,]I5?MX]*6,\9="R$.6!BU$#$1MPIR "D <\9%$@EB="7K?&@P+V33*5P\
MZ%_N:@F6<@ A@A!:@"!,R!L*'J0BH4SX+/5Y0"'.!,L$/V8\8XQ^#VKXLX#H
M,= ^(Z_IWW4S)HKVJ<';=6F0CD>3^>S+;#X=?3X]<SM1M96C5Z59;:1!\IX"
M=[;(Y"EATO_-AQ F&7E%W;F;^V&.BU+6G<.+I<'E99N;+@/K+Z1%_V'CN:JD
MM9[J7 4L@A2B@ =A"V'BOD+E'/-@D2PP5!C)?3G^6K^K6P A%Y"ZNK$8MD3M
M_:VC[-_9(84JAI5MO!Q_8.TY/ECB^$N"N&5Q%+(M?YSMT,=%!NESZ./_!WW;
M>IS1OMEL7T?39']I_@#/4Q[$E)->>44/7RAY(Q<5'NX<[NB(]'H&F[6I:?]D
><C+]^/+I?E(%JFN[7@T4\#2*$T&^ 9"HV\((!0
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lennert Buytenhek: "Re: The ultimate TOE design"
Previous message: John Cherry: "Re: 2.6.9-rc2-mm3 (compile stats)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]