kernel-2.6.18-194.11.1.el5.src.rpm

From: Tom Coughlan <coughlan@redhat.com>
Date: Wed, 23 Dec 2009 21:02:00 -0500
Subject: [scsi] qla2xxx: NPIV vport management pseudofiles are world writable
Message-id: 1261602121.304.41.camel@localhost.localdomain
O-Subject: [kernel team] [EMBARGOED][PATCH RHEL5] qla2xxx: NPIV vport   management pseudofiles are world writable
Bugzilla: 537318
RH-Acked-by: Mike Christie <mchristi@redhat.com>
RH-Acked-by: Rob Evers <revers@redhat.com>
RH-Acked-by: Tomas Henzl <thenzl@redhat.com>
RH-Acked-by: David Howells <dhowells@redhat.com>
CVE: CVE-2009-3556

Bug 537177 - (CVE-2009-3556)
Bug 537317 - for rhel-5.4.z
Bug 537318 - for rhel-5.5

From BZ 537177, posted by Bryn:

Description of problem:

The qla2xxx driver now supports NPIV which adds two new sysfs pseudofiles to
the SCSI host attributes:

w--w--w- root root  /sys/class/scsi_host/host1/vport_create
w--w--w- root root  /sys/class/scsi_host/host1/vport_delete
w--w--w- root root  /sys/class/scsi_host/host2/vport_create
w--w--w- root root  /sys/class/scsi_host/host2/vport_delete

These files default to world writable (S_IWUGO/0222). Upstream uses S_IWUSR
(0644) for these files although they've moved around a bit - the equivalent
attributes are created from drivers/scsi/scsi_transport_fc.c now.

Version-Release number of selected component (if applicable):
2.6.18-63.el5 onwards

How reproducible:
100% on systems that load qla2xxx on NPIV capable hardware.

Steps to Reproduce:
1. ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_*
   ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_id
   ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_disable
   ls -l /sys/class/scsi_host/<a qla2xxx host>/symbolic_port_name

Actual results:
--w--w--w- root root  /sys/class/scsi_host/host1/vport_create
--w--w--w- root root  /sys/class/scsi_host/host1/vport_delete
--w--w--w- root root  /sys/class/scsi_host/host2/vport_create
--w--w--w- root root  /sys/class/scsi_host/host2/vport_delete
etc.

Expected results:
-rw-r--r-- root root  /sys/class/scsi_host/host1/vport_create
-rw-r--r-- root root  /sys/class/scsi_host/host1/vport_delete
-rw-r--r-- root root  /sys/class/scsi_host/host2/vport_create
-rw-r--r-- root root  /sys/class/scsi_host/host2/vport_delete
etc.

Testing:

Smoke tested but not yet tested on NPIV-capable hardware. We plan to do
that on Monday Jan. 4.

Upstream:

This problem is not in the upstream. It was introduced in RHEL 5 in this
patch:

http://post-office.corp.redhat.com/archives/rhkernel-list/2007-December/msg00704.html

and apparently fixed in the upstream version at some point.

Tom (for Bryn and Rob)

Remove world writable vport management sysfs files from qla2xxx

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>

diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
index a176cf0..7aba98a 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -1898,8 +1898,8 @@ static CLASS_DEVICE_ATTR(total_isp_aborts, S_IRUGO,
     qla2x00_total_isp_aborts_show, NULL);
 static CLASS_DEVICE_ATTR(84xx_fw_version, S_IRUGO,
     qla24xx_84xx_fw_version_show, NULL);
-static CLASS_DEVICE_ATTR(vport_create, S_IWUGO, NULL, qla24xx_vport_create_cdev);
-static CLASS_DEVICE_ATTR(vport_delete, S_IWUGO, NULL, qla24xx_vport_delete);
+static CLASS_DEVICE_ATTR(vport_create, S_IWUSR, NULL, qla24xx_vport_create_cdev);
+static CLASS_DEVICE_ATTR(vport_delete, S_IWUSR, NULL, qla24xx_vport_delete);
 static CLASS_DEVICE_ATTR(max_npiv_vports, S_IRUGO,
 	qla24xx_max_npiv_vports_show, NULL);
 static CLASS_DEVICE_ATTR(npiv_vports_inuse, S_IRUGO,
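
Review bot: S_IWUSR on vport_create and vport_delete yields mode 0200 (--w-------), not the 0644 / -rw-r--r-- that the commit message gives under "Expected results" and in "S_IWUSR (0644)". Both attributes have a NULL show handler, so owner write-only is the right mode for them; the description should be updated to say 0200 so that whoever verifies the fix on NPIV-capable hardware checks for the result the patch actually produces.
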
@@ -1908,10 +1908,10 @@ static CLASS_DEVICE_ATTR(node_name, S_IRUGO, qla24xx_node_name,
 	NULL);
 static CLASS_DEVICE_ATTR(port_name, S_IRUGO, qla24xx_port_name,
 	NULL);
-static CLASS_DEVICE_ATTR(vport_id, S_IRUGO|S_IWUGO, qla24xx_vport_id_show,
+static CLASS_DEVICE_ATTR(vport_id, S_IRUGO|S_IWUSR, qla24xx_vport_id_show,
 	qla24xx_vport_id_store);
-static CLASS_DEVICE_ATTR(vport_disable, S_IWUGO, NULL, qla24xx_vport_disable);
-static CLASS_DEVICE_ATTR(symbolic_port_name, S_IRUGO|S_IWUGO,
+static CLASS_DEVICE_ATTR(vport_disable, S_IWUSR, NULL, qla24xx_vport_disable);
+static CLASS_DEVICE_ATTR(symbolic_port_name, S_IRUGO|S_IWUSR,
 	qla24xx_symbolic_port_name_show, qla24xx_symbolic_port_name_store);
 static CLASS_DEVICE_ATTR(vport_state, S_IRUGO, qla24xx_vport_state_show,
 	NULL);
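
Review bot: the three attributes changed in this hunk end up with different modes, and the commit message does not state them: vport_id and symbolic_port_name become S_IRUGO|S_IWUSR (0644), while vport_disable becomes S_IWUSR (0200). The "Actual results" and "Expected results" listings show only vport_create and vport_delete followed by "etc."; please list these three explicitly with their resulting modes. Since only these two hunks are visible, also confirm with a search for S_IWUGO that no other attribute in qla_attr.c is left world writable.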