Diffusion FreeBSD src repository - subversion rS349627

Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.
rS349627
Actions

Description

Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.

This was added for emulation of Linux's CDROMSUBCHNL, but allows
users with read access to a cd(4) device to overwrite kernel memory
provided that the driver detects some media present.

Reimplement CDROMSUBCHNL by bouncing the data from CDIOCREADSUBCHANNEL
through the linux_cdrom_subchnl structure passed from userspace.

admbugs: 768
Reported by: Alex Fortune
Security: CVE-2019-5602
Security: FreeBSD-SA-19:11.cd_ioctl

Details

Provenance

markj

Authored on

Parents

rS349626: Update UPDATING and bump newvers.sh

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rS349627: Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl..Jul 3 2019, 12:10 AM

Changes (3)

Path

Size

head/

sys/

cam/

scsi/

scsi_cd.c

compat/

linux/

linux_ioctl.c

sys/

cdio.h

rS349627

View Options

head/sys/cam/scsi/scsi_cd.c

View Options

head/sys/compat/linux/linux_ioctl.c

View Options

Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.rS349627Actions

Description

Details

Event Timeline

Changes (3)

rS349627

head/sys/cam/scsi/scsi_cd.c

head/sys/compat/linux/linux_ioctl.c

head/sys/sys/cdio.h

Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.
rS349627
Actions