Commit eb51a678 authored by Oliver Neukum's avatar Oliver Neukum Committed by Linus Torvalds

[PATCH] security issue in firmware system

The firmware loader has a security issue.  Firmware on some devices can
write to all memory through DMA.  Therefore the ability to feed firmware
to the kernel is equivalent to writing to /dev/kmem.  CAP_SYS_RAWIO is
needed to protect itself.

[ Editors note: the firmware file is 0644, and owned by root, so this
  "security issue" is really only an issue for people who use
  capabilities explicitly, rather than the regular Unix permissions.
  This patch makes it do the same checks we do for /dev/mem etc.  ]
Signed-Off-By: default avatarOliver Neukum <oliver@neukum.name>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent d7ce417e
...@@ -235,6 +235,8 @@ firmware_data_write(struct kobject *kobj, ...@@ -235,6 +235,8 @@ firmware_data_write(struct kobject *kobj,
struct firmware *fw; struct firmware *fw;
ssize_t retval; ssize_t retval;
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
down(&fw_lock); down(&fw_lock);
fw = fw_priv->fw; fw = fw_priv->fw;
if (test_bit(FW_STATUS_DONE, &fw_priv->status)) { if (test_bit(FW_STATUS_DONE, &fw_priv->status)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment