kernel-ark/drivers
Alan Cox 5f78e89b5f [SCSI] aacraid: fix security weakness
Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-11 17:35:48 -06:00
..
acorn/char
acpi Pull documentation into release branch 2007-10-29 17:31:01 -04:00
amba
ata ata_piix: Add additional PCI identifier for 40 wire short cable 2007-11-05 15:12:33 -08:00
atm Eliminate pointless casts from void* in a few driver irq handlers. 2007-10-23 19:53:16 -04:00
auxdisplay
base cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
block paride: fix 'and' typo in drivers/block/paride/pt.c 2007-11-05 15:12:32 -08:00
bluetooth
cdrom SG: audit of drivers that use blk_rq_map_sg() 2007-10-24 13:21:21 +02:00
char drm: DRM: fix memset size error 2007-11-06 10:12:44 +10:00
clocksource
connector [CONNECTOR]: Fix a spurious kfree_skb() call 2007-10-30 21:29:47 -07:00
cpufreq
cpuidle cpuidle: remove unused exports 2007-10-29 17:27:50 -04:00
crypto [CRYPTO] users: Fix up scatterlist conversion errors 2007-10-27 00:52:07 -07:00
dca
dio
dma Remove bogus default y for DMAR and NET_DMA 2007-10-30 08:06:55 -07:00
edac
eisa
firewire firewire: Fix pci resume to not pass in a __be32 config rom. 2007-10-31 19:02:19 +01:00
firmware
hid HID: Don't access input_dev->private directly 2007-10-31 13:30:35 +01:00
hwmon
i2c
ide ide: fix IDE_HFLAG_NO_ATAPI_DMA handling in config_drive_for_dma() 2007-11-05 21:42:30 +01:00
ieee1394 ieee1394: iso and async streams: s/g list fix 2007-11-04 14:31:16 +01:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2007-10-30 15:26:56 -07:00
input Use i8253.c lock for PC speaker on MIPS, too. 2007-11-02 19:39:18 -07:00
isdn i4l: errors with assignments in if 2007-11-05 15:12:31 -08:00
kvm
leds leds: bugfixes for leds-gpio 2007-11-05 21:54:41 +00:00
lguest lguest: documentation update 2007-10-25 15:02:50 +10:00
macintosh
mca
md md: fix misapplied patch in raid5.c 2007-11-05 15:12:32 -08:00
media V4L/DVB (6548): pvrusb2: Fix oops on module removal 2007-11-04 21:41:30 -02:00
message i2o: debug messages corrected 2007-11-05 15:12:31 -08:00
mfd
misc fujitsu-laptop.c: remove dead code 2007-10-25 17:43:46 -04:00
mmc cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
mtd Eliminate pointless casts from void* in a few driver irq handlers. 2007-10-23 19:53:16 -04:00
net Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2007-11-05 17:42:41 -08:00
nubus
of
oprofile
parisc parisc: fix sg_page() fallout 2007-10-23 09:49:31 +02:00
parport [PARPORT] Remove unused 'irq' argument from parport irq functions 2007-10-23 19:53:16 -04:00
pci PCI: Add Kconfig option to disable deprecated pci_find_* API 2007-11-05 13:35:17 -08:00
pcmcia
pnp
power
ps3
rapidio
rtc rtc: m48t59 fix section mismatch warning 2007-11-05 15:12:32 -08:00
s390 [S390] Fix priority mistakes in drivers/s390/cio/cmf.c 2007-11-05 11:10:17 +01:00
sbus
scsi [SCSI] aacraid: fix security weakness 2007-11-11 17:35:48 -06:00
serial serial: fix compile warning about putc 2007-11-05 15:12:32 -08:00
sh maple: Fix maple bus compiler warning 2007-10-30 09:56:40 +09:00
sn
spi fix abuses of ptrdiff_t 2007-10-29 07:41:33 -07:00
ssb
tc
telephony telephony: phonedev panics if unregistering device not registered [Bug 9266] 2007-11-05 15:12:33 -08:00
uio
usb cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
video Kbuild/doc: fix links to Documentation files 2007-10-30 14:26:30 -07:00
virtio Virtio helper routines for a descriptor ringbuffer implementation 2007-10-23 15:49:55 +10:00
w1 Kbuild/doc: fix links to Documentation files 2007-10-30 14:26:30 -07:00
watchdog Merge git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog 2007-11-02 19:36:26 -07:00
xen
zorro
Kconfig Virtio interface 2007-10-23 15:49:54 +10:00
Makefile Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-10-23 16:37:29 -07:00