From d6a3fb11e7110c0ba1263ba7690679e23383a9bf Mon Sep 17 00:00:00 2001 From: xihaochen Date: Wed, 16 Mar 2022 14:51:31 +0800 Subject: [PATCH] Fix CVE-2021-3981 --- ...2021-3981-restore-umask-for-the-grub.patch | 41 +++++++++++++++++++ grub.patches | 1 + grub2.spec | 8 +++- 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2021-3981-restore-umask-for-the-grub.patch diff --git a/backport-CVE-2021-3981-restore-umask-for-the-grub.patch b/backport-CVE-2021-3981-restore-umask-for-the-grub.patch new file mode 100644 index 0000000..e2a6414 --- /dev/null +++ b/backport-CVE-2021-3981-restore-umask-for-the-grub.patch @@ -0,0 +1,41 @@ +From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Fri, 3 Dec 2021 16:13:28 +0800 +Subject: grub-mkconfig: Restore umask for the grub.cfg + +The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating +configuration by grub-mkconfig) has inadvertently discarded umask for +creating grub.cfg in the process of running grub-mkconfig. The resulting +wrong permission (0644) would allow unprivileged users to read GRUB +configuration file content. This presents a low confidentiality risk +as grub.cfg may contain non-secured plain-text passwords. + +This patch restores the missing umask and sets the creation file mode +to 0600 preventing unprivileged access. + +Fixes: CVE-2021-3981 + +Signed-off-by: Michael Chang +Reviewed-by: Daniel Kiper +--- + util/grub-mkconfig.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index c3ea761..62335d0 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with + exit 1 + else + # none of the children aborted with error, install the new grub.cfg ++ oldumask=$(umask) ++ umask 077 + cat ${grub_cfg}.new > ${grub_cfg} ++ umask $oldumask + rm -f ${grub_cfg}.new + fi + fi +-- +cgit v1.1 + diff --git a/grub.patches b/grub.patches index 5feaa93..fa8b776 100644 --- a/grub.patches +++ b/grub.patches @@ -353,3 +353,4 @@ Patch0352: backport-0079-efi-tpm-Fix-typo-in-grub_efi_tpm2_protocol-struct.patch Patch0353: backport-0080-misc-Add-parentheses-around-ALIGN_UP-and-ALIGN_DOWN-.patch Patch0354: backport-0081-verifiers-Fix-calling-uninitialized-function-pointer.patch Patch0355: backport-templates-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch +Patch0356: backport-CVE-2021-3981-restore-umask-for-the-grub.patch diff --git a/grub2.spec b/grub2.spec index 2590f01..80443d7 100644 --- a/grub2.spec +++ b/grub2.spec @@ -8,7 +8,7 @@ Name: grub2 Epoch: 1 Version: 2.04 -Release: 22 +Release: 23 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -450,6 +450,12 @@ rm -r /boot/grub2.tmp/ || : %{_datadir}/man/man* %changelog +* Wed Mar 16 2022 xihaochen - 2.04-23 +- Type:CVE +- CVE:CVE-2021-3981 +- SUG:NA +- DESC:Fix CVE-2021-3981 + * Sat Feb 26 2022 zhangqiumiao - 2.04-22 - Type:bugfix - CVE:NA -- Gitee