Red Hat Bugzilla – Bug 126396
CAN-2004-0587 Bad permissions on qla* drivers
Last modified: 2007-11-30 17:07:02 EST
A device permission issue was reported in SUSE Linux on May 5th 2004
affecting '/proc/scsi/qla2300/HbaApiNode' file. A local user could
potentially use this to cause a denial of service.
On Red Hat Enterprise Linux 3 this may also affect
drivers/addon/qla2200/qla2x00.c although these are unsupported.
Patch from SUSE attached.
Created attachment 101285 [details]
Patch from SUSE (will need modification for other cases)
A fix for this problem was committed to the RHEL3 U3 this past
Saturday evening (in kernel version 2.4.21-15.14.EL).
Confirmed, linux-2.4.9-qla2200.patch now corrects this, however
Patch8081: linux-2.4.9-qla2200-backup-60702RH2.patch still contains a
couple of proc_mknod(APIDEV_NODE, 0777+S_IFCHR... calls which look to
be the same issue.
Mark, our strategy-to-date with backup drivers is that they should
exactly match the version of the driver in the prior update. No one
should actually be using the backup driver. It is retained solely
for the hypothetical scenario that a driver update causes a serious
regression, in which case a customer could fall back to using the
prior version (which would require manual intervention).
Since customers automatically start using the new driver after
their systems are updated, would it be okay with you if we simply
leave the old backup driver as is?
Ok, I'll put this back in MODIFIED state (fixed in U3). I also
intend to pull the fix into the next security errata (in the E3
stream), and I will update this bug again after committing the
A fix for this problem has also been committed to the RHEL3 E3
patch pool (in kernel version 2.4.21-15.0.4.EL).
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.