linux/drivers
Paolo Bonzini 0bfc96cb77 block: fail SCSI passthrough ioctls on partition devices
Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
will pass the command to the underlying block device.  This is
well-known, but it is also a large security problem when (via Unix
permissions, ACLs, SELinux or a combination thereof) a program or user
needs to be granted access only to part of the disk.

This patch lets partitions forward a small set of harmless ioctls;
others are logged with printk so that we can see which ioctls are
actually sent.  In my tests only CDROM_GET_CAPABILITY actually occurred.
Of course it was being sent to a (partition on a) hard disk, so it would
have failed with ENOTTY and the patch isn't changing anything in
practice.  Still, I'm treating it specially to avoid spamming the logs.

In principle, this restriction should include programs running with
CAP_SYS_RAWIO.  If for example I let a program access /dev/sda2 and
/dev/sdb, it still should not be able to read/write outside the
boundaries of /dev/sda2 independent of the capabilities.  However, for
now programs with CAP_SYS_RAWIO will still be allowed to send the
ioctls.  Their actions will still be logged.

This patch does not affect the non-libata IDE driver.  That driver
however already tests for bd != bd->bd_contains before issuing some
ioctl; it could be restricted further to forbid these ioctls even for
programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.

Cc: linux-scsi@vger.kernel.org
Cc: Jens Axboe <axboe@kernel.dk>
Cc: James Bottomley <JBottomley@parallels.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[ Make it also print the command name when warning - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-01-14 15:07:24 -08:00
..
accessibility module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
acpi module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
amba
ata module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
atm module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
auxdisplay
base dma-buf: drop option text so users don't select it. 2012-01-13 09:05:14 +00:00
bcma
block block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
bluetooth module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
cdrom block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
char Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
clk
clocksource
connector
cpufreq Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq 2012-01-11 18:53:33 -08:00
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-01-10 22:01:27 -08:00
dca
devfreq
dio
dma clock management changes for i.MX 2012-01-09 14:44:15 -08:00
edac module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
eisa
firewire module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
firmware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound 2012-01-12 08:00:30 -08:00
gpio 2nd round of GPIO changes for v3.3 merge window 2012-01-14 13:25:23 -08:00
gpu nouveau: Support Optimus models for vga_switcheroo 2012-01-13 09:09:15 +00:00
hid module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
hv
hwmon module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
hwspinlock
i2c Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
ide block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
idle
ieee802154
infiniband module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
input Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
iommu Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu 2012-01-10 11:08:21 -08:00
isdn Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
leds Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
lguest lguest: Make sure interrupt is allocated ok by lguest_setup_irq 2012-01-12 15:44:47 +10:30
macintosh module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
mca
md Two bugfixes for md. 2012-01-11 18:51:55 -08:00
media module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
memstick module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
message SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
mfd Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
misc Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
mmc Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
mtd Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
net Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
nfc
nubus
of 2nd set of device tree changes for v3.3 2012-01-14 13:25:55 -08:00
oprofile
parisc Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci 2012-01-11 18:50:26 -08:00
parport Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-01-14 12:32:16 -08:00
pci module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pcmcia Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
pinctrl
platform module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pnp
power module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pps
ps3
ptp
rapidio
regulator Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2012-01-13 20:43:32 -08:00
rtc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2012-01-13 20:43:32 -08:00
s390 module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
sbus
scsi block: fail SCSI passthrough ioctls on partition devices 2012-01-14 15:07:24 -08:00
sfi
sh SH/R-Mobile updates for 3.3 merge window. 2012-01-11 23:29:20 -08:00
sn
spi 2nd set of device tree changes for v3.3 2012-01-14 13:25:55 -08:00
ssb
staging Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
target
tc
telephony
thermal
tty Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
uio Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci 2012-01-11 18:50:26 -08:00
usb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
uwb
vhost
video Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-01-14 13:05:21 -08:00
virt
virtio virtio: balloon: Add freeze, restore handlers to support S4 2012-01-12 15:44:47 +10:30
vlynq
w1
watchdog module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
xen module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
zorro
Kconfig
Makefile mmc: sdhci-pci: add platform data 2012-01-11 23:58:47 -05:00