SCSI/megaraid_sas: remove sysfs poll_mode_io world writeable permissions (CVE-2009-3939)

svn path=/dists/trunk/linux-2.6/; revision=14954

debian/changelog

@@ -29,6 +29,8 @@ linux-2.6 (2.6.32-6) UNRELEASED; urgency=low
     - Fix DMA mapping for i915 driver (Closes: #558237)
       + drm: remove address mask param for drm_pci_alloc()
       + agp/intel-agp: Clear entire GTT on startup
+  * SCSI/megaraid_sas: remove sysfs poll_mode_io world writeable permissions
+    (CVE-2009-3939)
 
   [ Ian Campbell ]
   * xen: Enable up to 32G of guest memory on i386.

debian/patches/bugfix/all/megaraid_sas-remove-poll_mode_io-world-write-perm.patch

@@ -0,0 +1,23 @@
+Based on:
+
+From: Bryn M. Reeves <bmr@redhat.com>
+Subject: [PATCH] [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions
+
+/sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
+world-writable, which seems bad (letting any user affect kernel driver
+behavior).
+
+This turns off group and user write permissions, so that on typical
+production systems only root can write to it.
+
+--- a/drivers/scsi/megaraid/megaraid_sas.c
++++ b/drivers/scsi/megaraid/megaraid_sas.c
+@@ -3451,7 +3451,7 @@
+ 	return retval;
+ }
+ 
+-static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUGO,
++static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUSR,
+ 		megasas_sysfs_show_poll_mode_io,
+ 		megasas_sysfs_set_poll_mode_io);
+ 

debian/patches/series/6

@@ -26,3 +26,4 @@
 - bugfix/all/ath5k-Fix-eeprom-checksum-check-for-custom-sized-eeproms.patch
 + bugfix/all/stable/2.6.32.4.patch
 + debian/mremap-fix-conflict-between-2.6.32.4-and-vserver.patch
++ bugfix/all/megaraid_sas-remove-poll_mode_io-world-write-perm.patch