Bug 146105
| Summary: | CVE-2005-0504 moxa CAP_SYS_RAWIO missing (-unsupported) | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Mark J. Cox <mjc> |
| Component: | kernel | Assignee: | Brian Maly <bmaly> |
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Priority: | medium |
| Version: | 3.0 | CC: | jbaron, jparadis, peterm, petrides, riel |
| Hardware: | ia64 | Keywords: | Security |
| OS: | Linux | Whiteboard: | impact=moderate,public=20050110 |
| Fixed In Version: | RHSA-2005-663 | Doc Type: | Bug Fix |
| Last Closed: | 2005-09-28 14:45:04 UTC | Bug Blocks: | 156320 |
Description
Mark J. Cox
2005-01-25 13:11:44 UTC
Reassigning to Brian. Brian, Jason posted a Pensacola patch to RHKL here: http://post-office.corp.redhat.com/archives/rhkernel-list/2005-April/msg00001.html There were two acks but one objection, though.
Posted the following patch to rhkernel-list (pending approval)
--- drivers/char/moxa.c.orig 2005-04-28 11:40:34.000000000 -0400
+++ drivers/char/moxa.c 2005-04-28 11:45:44.000000000 -0400
@@ -905,6 +905,8 @@ static int moxa_ioctl(struct tty_struct
case TIOCSSERIAL:
return (moxa_set_serial_info(ch, (struct serial_struct *) arg));
default:
+ if(!capable(CAP_SYS_ADMIN))
+ return -EACCES;
retval = MoxaDriverIoctl(cmd, arg, port);
}
return (retval);
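Review bot: The check added in the default branch of moxa_ioctl returns -EACCES, whereas a failed capable() test is normally reported as -EPERM, so a caller that distinguishes the two will read this as a file-permission problem; suggest `return -EPERM;`. The test is also written `if(!capable(CAP_SYS_ADMIN))` without the space after `if` that kernel coding style expects. The bug summary names CAP_SYS_RAWIO while this hunk tests CAP_SYS_ADMIN, so the patch description should say why that capability was chosen.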
This patch ended up being better. Already ACKed.
--- linux-2.4.21/drivers/char/moxa.c.orig 2005-05-03 14:48:37.000000000 -0400
+++ linux-2.4.21/drivers/char/moxa.c 2005-05-03 15:29:59.000000000 -0400
@@ -905,6 +905,8 @@ static int moxa_ioctl(struct tty_struct
case TIOCSSERIAL:
return (moxa_set_serial_info(ch, (struct serial_struct *) arg));
default:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
retval = MoxaDriverIoctl(cmd, arg, port);
}
return (retval);
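Review bot: The CAP_SYS_ADMIN test in the default branch of moxa_ioctl gates every command forwarded to MoxaDriverIoctl, not only the ones that write to the card, and nothing in the hunk documents that. A one-line comment above the check stating that all driver-private ioctls are intentionally restricted would help the next reader. Together with the CAP_SYS_RAWIO checks added inside MoxaDriverIoctl, the load commands need both capabilities when they arrive through this path; please confirm that is intended and note it in the patch description.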
@@ -1766,15 +1768,21 @@ int MoxaDriverIoctl(unsigned int cmd, un
switch(cmd)
{
case MOXA_LOAD_BIOS:
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
i = moxaloadbios(dltmp.cardno, dltmp.buf, dltmp.len);
return (i);
case MOXA_FIND_BOARD:
return moxafindcard(dltmp.cardno);
case MOXA_LOAD_C320B:
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
moxaload320b(dltmp.cardno, dltmp.buf, dltmp.len);
default: /* to keep gcc happy */
return (0);
case MOXA_LOAD_CODE:
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
i = moxaloadcode(dltmp.cardno, dltmp.buf, dltmp.len);
if (i == -1)
return (-EFAULT);
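Review bot: The same two-line CAP_SYS_RAWIO test is repeated in the MOXA_LOAD_BIOS, MOXA_LOAD_C320B and MOXA_LOAD_CODE cases, so a load command added later can easily miss it; consider a single check for the load commands ahead of the switch, or a small helper. In the MOXA_LOAD_C320B case the result of moxaload320b() is discarded and control falls through into `default`, which returns 0, unlike the other two load cases that return `i`; if that is intentional, a fall-through comment would make it explicit. MOXA_FIND_BOARD is left without a check, which looks deliberate but deserves a line in the patch description.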
A fix for this problem has just been committed to the RHEL3 U6 patch pool this evening (in kernel version 2.4.21-32.3.EL). An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-663.html