duplicate check for CAP_SYS_RAWIO

From: Tong Zhang
Date: Tue Sep 25 2018 - 13:27:16 EST

Next message: Tong Zhang: "Leaking path for set_task_comm"
Previous message: Tong Zhang: "Leaking path for search_binary_handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kernel Version: 4.18.5

Problem Description:

We found a path where duplicate capability checks are observed,
the path is :

scsi_ioctl<- require CAP_SYS_ADMIN and CAP_SYS_RAWIO
`->sg_scsi_ioctl()
`->blk_verify_command() <- require CAP_SYS_RAWIO

CAP_SYS_RAWIO is checked twice.

related file:
block/scsi_ioctl.c:215
block/scsi_ioctl.c:471
drivers/scsi/scsi_ioctl.c:240
drivers/scsi/scsi_ioctl.c:242

- Tong

Next message: Tong Zhang: "Leaking path for set_task_comm"
Previous message: Tong Zhang: "Leaking path for search_binary_handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]