On 21.02.23 г. 20:19 ч., Konstantin Khorenko wrote:
On 27.01.2023 12:34, Nikolay Borisov wrote:
Instead of duplicating CAP_SYS_ADMIN check for every block-cbt ioctl
apart from BLKCBTGET simply factor out the check in the beginning of
blk_cbt_ioctl.
Signed-off-by: Nikolay Borisov <nikolay.bori...@virtuozzo.com>
---
block/blk-cbt.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index e2a9be83ac0d..269709c7589b 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -992,32 +992,21 @@ int blk_cbt_ioctl(struct block_device *bdev,
unsigned cmd, char __user *arg)
{
struct blk_user_cbt_info __user *ucbt_ioc = (struct
blk_user_cbt_info __user *) arg;
+ if (cmd != BLKCBTGET && !capable(CAP_SYS_ADMIN))
+ return -EACCES;
+
BTW, this changes the behavior a bit.
In case the cmd provided is unknown previously we hit BUG() in any case,
and now we get -EACCES in case !capable(CAP_SYS_ADMIN).
Though i don't think this is a show stopper for this patch.
This means anyone would be able to crash the machine if they sent a
bogus IOCTL.
switch(cmd) {
case BLKCBTSTART:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
return cbt_ioc_init(bdev, ucbt_ioc);
case BLKCBTSTOP:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_stop(bdev);
case BLKCBTGET:
return cbt_ioc_get(bdev, ucbt_ioc);
case BLKCBTSET:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_set(bdev, ucbt_ioc, 1);
case BLKCBTCLR:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_set(bdev, ucbt_ioc, 0);
case BLKCBTMISC:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_misc(bdev, arg);
default:
BUG();
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
