SG_IO and security
From: Alan Cox
Date: Thu Aug 12 2004 - 08:20:43 EST
Since the entire thread seems to have died again unresolved I'd suggest
the following patch should get into 2.6.8 so that anyone with read
access to any block device cannot issue arbitary scsi commands to it
(like writes or firmware erase)
--- drivers/block/scsi_ioctl.c~ 2004-08-12 14:14:38.078821640 +0100
+++ drivers/block/scsi_ioctl.c 2004-08-12 14:14:38.079821488 +0100
@@ -115,6 +115,8 @@
char sense[SCSI_SENSE_BUFFERSIZE];
unsigned char cmd[BLK_MAX_CDB];
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
if (hdr->interface_id != 'S')
return -EINVAL;
if (hdr->cmd_len > BLK_MAX_CDB)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/