[PATCH] [CVE-2009-3939] megaraid_sas: remove sysfs poll_mode_io world writable permissions

[PATCH] [CVE-2009-3939] megaraid_sas: remove sysfs poll_mode_io world writable permissions

[Bryn M. Reeves]

[-- Attachment #1: Type: text/plain, Size: 530 bytes --]

Hi Linus,

Posted twice to linux-scsi and once to lkml - doesn't seem to have been
picked up yet.

Similar to the problem with dbg_lvl fixed in commit
66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46 last year.

/sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
world-writable, which seems bad (letting any user affect kernel driver
behavior).

This turns off group and user write permissions, so that on typical
production systems only root can write to it.

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>

Cheers,
Bryn.


[-- Attachment #2: megaraid_sas-restrict-poll_mode_io-write-perms.patch --]
[-- Type: text/x-patch, Size: 1061 bytes --]

Author: Bryn M. Reeves <bmr@redhat.com>
Date:   Thu Nov 12 18:31:54 2009 +0000

    [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions
    
    /sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
    world-writable, which seems bad (letting any user affect kernel driver
    behavior).
    
    This turns off group and user write permissions, so that on typical
    production systems only root can write to it.
    
    Signed-off-by: Bryn M. Reeves <bmr@redhat.com>

diff -up linux-2.6.18.noarch/drivers/scsi/megaraid/megaraid_sas.c.bmr0 linux-2.6.18.noarch/drivers/scsi/megaraid/megaraid_sas.c
--- linux-2.6.18.noarch/drivers/scsi/megaraid/megaraid_sas.c.bmr0	2009-09-28 17:37:47.000000000 +0100
+++ linux-2.6.18.noarch/drivers/scsi/megaraid/megaraid_sas.c	2009-09-28 17:38:16.000000000 +0100
@@ -3548,7 +3548,7 @@ out:
 	return retval;
 }
 
-static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUGO,
+static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUSR,
 			megasas_sysfs_show_poll_mode_io,
 			megasas_sysfs_set_poll_mode_io);