Re: [PATCH v2] scsi: require CAP_SYS_ADMIN to write to procfs interface

From: Randy Dunlap
Date: Sat Nov 04 2017 - 16:50:35 EST


On 11/04/2017 01:26 PM, Aleksa Sarai wrote:
> Previously, the only capability effectively required to operate on the
> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files,
> having an fsuid of GLOBAL_ROOT_UID was enough). This means that
> semi-privileged processes could interfere with core components of a
> system (such as causing a DoS by removing the underlying SCSI device of
> the host's / mount).
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> Signed-off-by: Aleksa Sarai <asarai@xxxxxxx>

There should be an
#include <linux/capability.h>
somewhere... even if some other header file is dragging it in (which
it must be), the preferred style is to always explicitly #include
header files that are used.

> ---
> drivers/scsi/scsi_proc.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c
> index 480a597b3877..8c891ab16b11 100644
> --- a/drivers/scsi/scsi_proc.c
> +++ b/drivers/scsi/scsi_proc.c
> @@ -51,7 +51,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf,
> struct Scsi_Host *shost = PDE_DATA(file_inode(file));
> ssize_t ret = -ENOMEM;
> char *page;
> -
> +
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> +
> if (count > PROC_BLOCK_SIZE)
> return -EOVERFLOW;
>
> @@ -313,6 +316,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf,
> char *buffer, *p;
> int err;
>
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> +
> if (!buf || length > PAGE_SIZE)
> return -EINVAL;
>
>


--
~Randy