[PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface
From: Aleksa Sarai
Date: Sat Nov 04 2017 - 22:57:04 EST
Previously, the only capability effectively required to operate on the
/proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files,
having an fsuid of GLOBAL_ROOT_UID was enough). This means that
semi-privileged processes could interfere with core components of a
system (such as causing a DoS by removing the underlying SCSI device of
the host's / mount).
Cc: <stable@xxxxxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Aleksa Sarai <asarai@xxxxxxx>
---
drivers/scsi/scsi_proc.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_proc.c b/drivers/scsi/scsi_proc.c
index 480a597b3877..05d70e200c5f 100644
--- a/drivers/scsi/scsi_proc.c
+++ b/drivers/scsi/scsi_proc.c
@@ -27,6 +27,7 @@
#include <linux/mutex.h>
#include <linux/gfp.h>
#include <linux/uaccess.h>
+#include <linux/capability.h>
#include <scsi/scsi.h>
#include <scsi/scsi_device.h>
@@ -51,7 +52,10 @@ static ssize_t proc_scsi_host_write(struct file *file, const char __user *buf,
struct Scsi_Host *shost = PDE_DATA(file_inode(file));
ssize_t ret = -ENOMEM;
char *page;
-
+
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
if (count > PROC_BLOCK_SIZE)
return -EOVERFLOW;
@@ -313,6 +317,9 @@ static ssize_t proc_scsi_write(struct file *file, const char __user *buf,
char *buffer, *p;
int err;
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
if (!buf || length > PAGE_SIZE)
return -EINVAL;
--
2.14.3