From: Casey Dahlin <cdahlin@redhat.com> Date: Wed, 18 Nov 2009 15:38:57 -0500 Subject: [scsi] megaraid: fix sas permissions in sysfs Message-id: <4B041511.6090600@redhat.com> Patchwork-id: 21418 O-Subject: [RHEL 5 PATCH]: (CVE-2009-3889, CVE-2009-3939) megaraid: fix sas permissions in sysfs Bugzilla: 537313 CVE: CVE-2009-3889 CVE-2009-3939 RH-Acked-by: Jarod Wilson <jarod@redhat.com> RH-Acked-by: Bryn M. Reeves <bmr@redhat.com> RH-Acked-by: Tomas Henzl <thenzl@redhat.com> RH-Acked-by: Eugene Teo <eugene@redhat.com> BZ 537313 CVE-2009-3889, CVE-2009-3939 This patch changes the permissions of two attributes in /sys/bus/pci/drivers/megaraid_sas which were previously world-writeable, allowing any user to change kernel driver behavior and logging level. Signed-off-by: Don Zickus <dzickus@redhat.com> diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c index 7954f55..3b42c08 100644 --- a/drivers/scsi/megaraid/megaraid_sas.c +++ b/drivers/scsi/megaraid/megaraid_sas.c @@ -3955,7 +3955,7 @@ megasas_sysfs_set_dbg_lvl(struct device_driver *dd, const char *buf, size_t coun return retval; } -static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUGO, megasas_sysfs_show_dbg_lvl, +static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUSR, megasas_sysfs_show_dbg_lvl, megasas_sysfs_set_dbg_lvl); static ssize_t @@ -4012,7 +4012,7 @@ out: return retval; } -static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUGO, +static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUSR, megasas_sysfs_show_poll_mode_io, megasas_sysfs_set_poll_mode_io);
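Review bot: In the dbg_lvl hunk (@@ -3955), the commit message names CVE-2009-3889 and CVE-2009-3939 but does not say which identifier covers dbg_lvl and which covers poll_mode_io. State the mapping in the description so each fix can be tracked and backported on its own. It would also help to note that the resulting mode, S_IRUGO|S_IWUSR, is 0644: readable by everyone, writable only by the file owner. The store handler megasas_sysfs_set_dbg_lvl is not changed here, so the mode bits on the DRIVER_ATTR line are the only thing restricting who can set the logging level.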
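Review bot: In the poll_mode_io hunk (@@ -4012), only this declaration and dbg_lvl move from S_IWUGO to S_IWUSR, and the description does not say whether the rest of megaraid_sas.c was checked for other attributes declared with S_IWUGO. Please confirm these two are the only world-writable attributes the driver exposes under /sys/bus/pci/drivers/megaraid_sas and say so in the commit message. As with dbg_lvl, megasas_sysfs_set_poll_mode_io is left untouched, so the write restriction rests entirely on the mode passed to DRIVER_ATTR.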