summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorYongxin Liu <yongxin.liu@windriver.com>2021-12-27 14:54:56 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-01-14 09:34:04 +0000
commit88ca7b3d7eb7c68079a16fbf2a2dbc1056f7680e (patch)
tree21155a47244cbeb64d04ec1be0d1d7dd0cde6f5d /meta
parent236ff565fb1f0d91a5c2913384769faeca9728ba (diff)
downloadpoky-88ca7b3d7eb7c68079a16fbf2a2dbc1056f7680e.tar.gz
grub2: fix CVE-2021-3981
(From OE-Core rev: f06da194871fec7c4586a9141314f2760292d6d0) Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bb554d14142f93c39fd1516a31757006531c348f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch49
-rw-r--r--meta/recipes-bsp/grub/grub2.inc1
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
new file mode 100644
index 0000000000..dae26fd8bb
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
@@ -0,0 +1,49 @@
1From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
2From: Michael Chang <mchang@suse.com>
3Date: Fri, 3 Dec 2021 16:13:28 +0800
4Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
5
6The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
7configuration by grub-mkconfig) has inadvertently discarded umask for
8creating grub.cfg in the process of running grub-mkconfig. The resulting
9wrong permission (0644) would allow unprivileged users to read GRUB
10configuration file content. This presents a low confidentiality risk
11as grub.cfg may contain non-secured plain-text passwords.
12
13This patch restores the missing umask and sets the creation file mode
14to 0600 preventing unprivileged access.
15
16Fixes: CVE-2021-3981
17
18Signed-off-by: Michael Chang <mchang@suse.com>
19Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
20
21Upstream-Status: Backport
22CVE: CVE-2021-3981
23
24Reference to upstream patch:
25https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
26
27Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
28---
29 util/grub-mkconfig.in | 3 +++
30 1 file changed, 3 insertions(+)
31
32diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
33index c3ea7612e..62335d027 100644
34--- a/util/grub-mkconfig.in
35+++ b/util/grub-mkconfig.in
36@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
37 exit 1
38 else
39 # none of the children aborted with error, install the new grub.cfg
40+ oldumask=$(umask)
41+ umask 077
42 cat ${grub_cfg}.new > ${grub_cfg}
43+ umask $oldumask
44 rm -f ${grub_cfg}.new
45 fi
46 fi
47--
482.31.1
49
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 3c6b434c2d..a70754e346 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "https://alpha.gnu.org/gnu/grub/grub-${REALPV}.tar.xz \
20 file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ 20 file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
21 file://determinism.patch \ 21 file://determinism.patch \
22 file://0001-RISC-V-Restore-the-typcast-to-long.patch \ 22 file://0001-RISC-V-Restore-the-typcast-to-long.patch \
23 file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
23" 24"
24 25
25SRC_URI[sha256sum] = "2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484" 26SRC_URI[sha256sum] = "2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 06:05:53 +0000