From: Oliver Neukum <oliver@neukum.org>

The firmware loader has a security issue.  Firmware on some devices can
write to all memory through DMA.  Therefore the ability to feed firmware to
the kernel is equivalent to writing to /dev/kmem.  CAP_SYS_RAWIO is needed
to protect itself.  Please apply.

Signed-Off-By: Oliver Neukum <oliver@neukum.name>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/drivers/base/firmware_class.c |    2 ++
 1 files changed, 2 insertions(+)

diff -puN drivers/base/firmware_class.c~capabilities-issue-in-firmware-loader drivers/base/firmware_class.c
--- 25/drivers/base/firmware_class.c~capabilities-issue-in-firmware-loader	Fri Sep 24 17:19:01 2004
+++ 25-akpm/drivers/base/firmware_class.c	Fri Sep 24 17:19:01 2004
@@ -235,6 +235,8 @@ firmware_data_write(struct kobject *kobj
 	struct firmware *fw;
 	ssize_t retval;
 
+	if (!capable(CAP_SYS_RAWIO))
+		return -EPERM;
 	down(&fw_lock);
 	fw = fw_priv->fw;
 	if (test_bit(FW_STATUS_DONE, &fw_priv->status)) {
_