Hi Dann, On Tue, Feb 05, 2008 at 03:33:28AM -0700, dann frazier wrote: > This is a 2.4 backport of a linux-2.6 change by Alan Cox. > (commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f) > > It has been build-tested only (I don't have the hardware). > CVE-2007-4308 was assigned for this issue. > > Commit log from 2.6 follows. > > On the SCSI layer ioctl path there is no implicit permissions check for > ioctls (and indeed other drivers implement unprivileged ioctls). aacraid > however allows all sorts of very admin only things to be done so should > check.
OK, makes sense. I did not notice that one in 2.6, eventhough Alan clearly stated a security hole in the subject. I'm applying it now, thanks! Willy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
