[PATCH] security issue in firmware system

The firmware loader has a security issue.  Firmware on some devices can
write to all memory through DMA.  Therefore the ability to feed firmware
to the kernel is equivalent to writing to /dev/kmem.  CAP_SYS_RAWIO is
needed to protect itself.

[ Editors note: the firmware file is 0644, and owned by root, so this
  "security issue" is really only an issue for people who use
  capabilities explicitly, rather than the regular Unix permissions.
  This patch makes it do the same checks we do for /dev/mem etc.  ]
Signed-Off-By: Oliver Neukum <oliver@neukum.name>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

drivers/base/firmware_class.c

@@ -235,6 +235,8 @@ firmware_data_write(struct kobject *kobj,
 	struct firmware *fw;
 	ssize_t retval;
 
+	if (!capable(CAP_SYS_RAWIO))
+		return -EPERM;
 	down(&fw_lock);
 	fw = fw_priv->fw;
 	if (test_bit(FW_STATUS_DONE, &fw_priv->status)) {