* [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.
@ 2005-04-30 7:59 Kai Makisara
2005-05-01 17:56 ` Kai Makisara
0 siblings, 1 reply; 3+ messages in thread
From: Kai Makisara @ 2005-04-30 7:59 UTC (permalink / raw)
To: Greg KH; +Cc: linux-scsi, linux-kernel, James Bottomley
The patch at the end is against 2.6.11.8.
The kernel currently allows any user permitted to access the tape device file
to send the tape drive commands that may either make the tape drivers internal
state inconsistent or to change the drive parameters so that other users find
the drive to be unusable. This patch changes ioctl handling so that SG_IO,
SCSI_IOCTL_COMMAND, etc. require CAP_SYS_RAWIO. This solves the consistency
problems for SCSI tapes. The st driver provides user-accessible commands to
change the drive parameters that users may need to access.
The SCSI command permissions were discussed on the linux lists and solutions
enabling different rules for different devices were suggested. However, none
of these has been implemented in the current kernel. It may very well
be that the tape drives are the only devices that users are sometimes given
permissions to access and that have security problems with the current command
filtering. This patch solves the problem for tapes and no more elaborate
patches are needed. If those are merged to the kernel, this patch can be reversed.
Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
--- linux-2.6.11.8/drivers/scsi/st.c 2005-03-03 21:10:36.000000000 +0200
+++ linux-2.6.11.8-k1/drivers/scsi/st.c 2005-04-30 09:57:21.000000000 +0300
@@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
case SCSI_IOCTL_GET_BUS_NUMBER:
break;
default:
- i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
+ if (!capable(CAP_SYS_RAWIO))
+ i = -EPERM;
+ else
+ i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
if (i != -ENOTTY)
return i;
break;
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.
2005-04-30 7:59 [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc Kai Makisara
@ 2005-05-01 17:56 ` Kai Makisara
2005-05-03 21:02 ` Greg KH
0 siblings, 1 reply; 3+ messages in thread
From: Kai Makisara @ 2005-05-01 17:56 UTC (permalink / raw)
To: Greg KH; +Cc: linux-scsi, linux-kernel, James Bottomley
On Sat, 30 Apr 2005, Kai Makisara wrote:
> The patch at the end is against 2.6.11.8.
>
> The kernel currently allows any user permitted to access the tape device file
> to send the tape drive commands that may either make the tape drivers internal
...
> filtering. This patch solves the problem for tapes and no more elaborate
> patches are needed. If those are merged to the kernel, this patch can be reversed.
>
> Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
>
> --- linux-2.6.11.8/drivers/scsi/st.c 2005-03-03 21:10:36.000000000 +0200
> +++ linux-2.6.11.8-k1/drivers/scsi/st.c 2005-04-30 09:57:21.000000000 +0300
> @@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
> case SCSI_IOCTL_GET_BUS_NUMBER:
> break;
> default:
> - i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> + if (!capable(CAP_SYS_RAWIO))
> + i = -EPERM;
> + else
> + i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> if (i != -ENOTTY)
> return i;
> break;
Please hold this patch. Testing the corresponding patch for 2.6.12-rc
showed that this is too restrictive. Best to wait until the next versions
will be reviewed on the linux-scsi list and merged into -rc.
--
Kai
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.
2005-05-01 17:56 ` Kai Makisara
@ 2005-05-03 21:02 ` Greg KH
0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2005-05-03 21:02 UTC (permalink / raw)
To: Kai Makisara; +Cc: linux-scsi, linux-kernel, James Bottomley
On Sun, May 01, 2005 at 08:56:06PM +0300, Kai Makisara wrote:
> On Sat, 30 Apr 2005, Kai Makisara wrote:
>
> > The patch at the end is against 2.6.11.8.
> >
> > The kernel currently allows any user permitted to access the tape device file
> > to send the tape drive commands that may either make the tape drivers internal
> ...
> > filtering. This patch solves the problem for tapes and no more elaborate
> > patches are needed. If those are merged to the kernel, this patch can be reversed.
> >
> > Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
> >
> > --- linux-2.6.11.8/drivers/scsi/st.c 2005-03-03 21:10:36.000000000 +0200
> > +++ linux-2.6.11.8-k1/drivers/scsi/st.c 2005-04-30 09:57:21.000000000 +0300
> > @@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
> > case SCSI_IOCTL_GET_BUS_NUMBER:
> > break;
> > default:
> > - i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> > + if (!capable(CAP_SYS_RAWIO))
> > + i = -EPERM;
> > + else
> > + i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> > if (i != -ENOTTY)
> > return i;
> > break;
>
> Please hold this patch. Testing the corresponding patch for 2.6.12-rc
> showed that this is too restrictive. Best to wait until the next versions
> will be reviewed on the linux-scsi list and merged into -rc.
Ok, when you come up with something that is acceptable, care to email it
also to the stable@kernel.org people?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-05-03 21:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-04-30 7:59 [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc Kai Makisara
2005-05-01 17:56 ` Kai Makisara
2005-05-03 21:02 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).