Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch | 62 |
1 files changed, 62 insertions, 0 deletions
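--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch
@@ -0,0 +1,62 @@
+From 6993cce7c3a9d15e6573845f455d2f0de424a717 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 15:03:26 +0100
+Subject: [PATCH] gdb: Restrict GDB access when locked down
+
+The gdbstub* commands allow to start and control a GDB stub running on
+local host that can be used to connect from a remote debugger. Restrict
+this functionality when the GRUB is locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=508270838998f151a82e9c13e7cb8a470a2dc23d]
+CVE: CVE-2020-27779
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+grub-core/gdb/gdb.c | 32 ++++++++++++++++++--------------
+1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c
+index 847a1e1..1818cb6 100644
+--- a/grub-core/gdb/gdb.c
++++ b/grub-core/gdb/gdb.c
+@@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break;
+GRUB_MOD_INIT (gdb)
+{
+grub_gdb_idtinit ();
+- cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub,
+- N_("PORT"),
+- /* TRANSLATORS: GDB stub is a small part of
+- GDB functionality running on local host
+- which allows remote debugger to
+- connect to it. */
+- N_("Start GDB stub on given port"));
+- cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break,
+- /* TRANSLATORS: this refers to triggering
+- a breakpoint so that the user will land
+- into GDB. */
+- 0, N_("Break into GDB"));
+- cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop,
+- 0, N_("Stop GDB stub"));
++ cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub,
++ N_("PORT"),
++ /*
++ * TRANSLATORS: GDB stub is a small part of
++ * GDB functionality running on local host
++ * which allows remote debugger to
++ * connect to it.
++ */
++ N_("Start GDB stub on given port"));
++ cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break,
++ /*
++ * TRANSLATORS: this refers to triggering
++ * a breakpoint so that the user will land
++ * into GDB.
++ */
++ 0, N_("Break into GDB"));
++ cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop,
++ 0, N_("Stop GDB stub"));
+}
+
+GRUB_MOD_FINI (gdb)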
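Review bot: The three `grub_register_command_lockdown` calls in `GRUB_MOD_INIT (gdb)` only restrict the gdbstub commands if the rest of the backport series is present, because this patch neither defines that function nor sets the lockdown state. Please confirm in the recipe that the patch introducing `grub_register_command_lockdown` is applied before this one, and that the part which puts GRUB into lockdown on the target (presumably under UEFI Secure Boot) is also carried. Without it the build may still succeed while `gdbstub`, `gdbstub_break` and `gdbstub_stop` stay usable, and the `CVE: CVE-2020-27779` tag would report a fix that has no effect. A short comment above the registrations would also record the intent, e.g. `/* gdbstub hands control of GRUB to a remote debugger; register via lockdown so it is refused when locked down. */`. `GRUB_MOD_FINI (gdb)` continues outside the hunk, so the unregister side could not be checked here.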