[hardknott,4/9] grub2: fix CVE-2021-3981

Message ID	f06da194871fec7c4586a9141314f2760292d6d0.1641911316.git.anuj.mittal@intel.com
State	Accepted, archived
Commit	f06da194871fec7c4586a9141314f2760292d6d0
Headers	show Return-Path: <anuj.mittal@intel.com> ip: 192.55.52.120, mailfrom: anuj.mittal@intel.com) From: Anuj Mittal <anuj.mittal@intel.com> To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 4/9] grub2: fix CVE-2021-3981 Date: Tue, 11 Jan 2022 22:32:48 +0800 Message-Id: <f06da194871fec7c4586a9141314f2760292d6d0.1641911316.git.anuj.mittal@intel.com> In-Reply-To: <cover.1641911316.git.anuj.mittal@intel.com> References: <cover.1641911316.git.anuj.mittal@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[hardknott,1/9] webkitgtk: fix fix CVE-2021-42762 \| expand [hardknott,1/9] webkitgtk: fix fix CVE-2021-42762 [hardknott,2/9] gcc: add aarch64 support for Arm's Neoverse N2 CPU [hardknott,3/9] lib/oe/reproducible: correctly set .git location when recursively looking for git r… [hardknott,4/9] grub2: fix CVE-2021-3981 [hardknott,5/9] gcc: Fix CVE-2021-42574 [hardknott,6/9] busybox: backport patches to fix CVEs [hardknott,7/9] glibc: Backport fix for CVE-2021-43396 [hardknott,8/9] gcc: add support for Neoverse N2 CPU [hardknott,9/9] python3-pyelftools: fix the override syntax

Message ID

f06da194871fec7c4586a9141314f2760292d6d0.1641911316.git.anuj.mittal@intel.com

State

Accepted, archived

Commit

f06da194871fec7c4586a9141314f2760292d6d0

Headers

From: Anuj Mittal <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [hardknott][PATCH 4/9] grub2: fix CVE-2021-3981
Date: Tue, 11 Jan 2022 22:32:48 +0800
Message-Id: 
 <f06da194871fec7c4586a9141314f2760292d6d0.1641911316.git.anuj.mittal@intel.com>
In-Reply-To: <cover.1641911316.git.anuj.mittal@intel.com>
References: <cover.1641911316.git.anuj.mittal@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[hardknott,1/9] webkitgtk: fix fix CVE-2021-42762 | expand

Commit Message

Mittal, Anuj Jan. 11, 2022, 2:32 p.m. UTC

From: Yongxin Liu <yongxin.liu@windriver.com>

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb554d14142f93c39fd1516a31757006531c348f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...onfig-Restore-umask-for-the-grub.cfg.patch | 49 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
new file mode 100644
index 0000000000..dae26fd8bb
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
@@ -0,0 +1,49 @@ 
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3981
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea7612e..62335d027 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+     exit 1
+   else
+     # none of the children aborted with error, install the new grub.cfg
++    oldumask=$(umask)
++    umask 077
+     cat ${grub_cfg}.new > ${grub_cfg}
++    umask $oldumask
+     rm -f ${grub_cfg}.new
+   fi
+ fi
+-- 
+2.31.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 3c6b434c2d..a70754e346 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@  SRC_URI = "https://alpha.gnu.org/gnu/grub/grub-${REALPV}.tar.xz \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://determinism.patch \
            file://0001-RISC-V-Restore-the-typcast-to-long.patch \
+           file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
 "
 
 SRC_URI[sha256sum] = "2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484"

[hardknott,4/9] grub2: fix CVE-2021-3981

Commit Message

Patch