Bug 607035
| Summary: | kernel: thinkpad-acpi: lock down video output state access [rhel-6.0] | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Eugene Teo (Security Response) <eteo> | |
| Component: | kernel | Assignee: | Don Howard <dhoward> | |
| Status: | CLOSED DUPLICATE | QA Contact: | Red Hat Kernel QE team <kernel-qe> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.0 | CC: | arozansk, cebbert, davej, eteo, kmcmartin, lwang | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 607037 607038 607039 | Environment: | ||
| Last Closed: | 2010-07-19 21:09:13 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 607037, 607038, 607039 | |||
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
Description of problem:

Given the right combination of ThinkPad and X.org, just reading the video output control state is enough to hard-crash X.org.

Until the day I somehow find out a model or BIOS cut date to not provide this feature to ThinkPads that can do video switching through X RandR, change permissions so that only processes with CAP_SYS_ADMIN can access any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any non-privileged local user to cause some versions of X.org to hard-crash some ThinkPads.

Reported-by: Jidanni <jidanni>
Signed-off-by: Henrique de Moraes Holschuh <hmh.br>
Cc: stable

Upstream commit: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5