diff --git a/backport-CVE-2021-3981-restore-umask-for-the-grub.patch b/backport-CVE-2021-3981-restore-umask-for-the-grub.patch new file mode 100644 index 0000000000000000000000000000000000000000..e2a6414ef05b736844b80d0917c4435f694a2778 --- /dev/null +++ b/backport-CVE-2021-3981-restore-umask-for-the-grub.patch @@ -0,0 +1,41 @@ +From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Fri, 3 Dec 2021 16:13:28 +0800 +Subject: grub-mkconfig: Restore umask for the grub.cfg + +The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating +configuration by grub-mkconfig) has inadvertently discarded umask for +creating grub.cfg in the process of running grub-mkconfig. The resulting +wrong permission (0644) would allow unprivileged users to read GRUB +configuration file content. This presents a low confidentiality risk +as grub.cfg may contain non-secured plain-text passwords. + +This patch restores the missing umask and sets the creation file mode +to 0600 preventing unprivileged access. + +Fixes: CVE-2021-3981 + +Signed-off-by: Michael Chang +Reviewed-by: Daniel Kiper +--- + util/grub-mkconfig.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index c3ea761..62335d0 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with + exit 1 + else + # none of the children aborted with error, install the new grub.cfg ++ oldumask=$(umask) ++ umask 077 + cat ${grub_cfg}.new > ${grub_cfg} ++ umask $oldumask + rm -f ${grub_cfg}.new + fi + fi +-- +cgit v1.1 + diff --git a/grub.patches b/grub.patches index 5feaa93fd9c6f076ec0a48bf0bb8ffd7c4c4b4eb..fa8b776169792c5663638968ca6b74d7604b3c40 100644 --- a/grub.patches +++ b/grub.patches @@ -353,3 +353,4 @@ Patch0352: backport-0079-efi-tpm-Fix-typo-in-grub_efi_tpm2_protocol-struct.patch Patch0353: backport-0080-misc-Add-parentheses-around-ALIGN_UP-and-ALIGN_DOWN-.patch Patch0354: backport-0081-verifiers-Fix-calling-uninitialized-function-pointer.patch Patch0355: backport-templates-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch +Patch0356: backport-CVE-2021-3981-restore-umask-for-the-grub.patch diff --git a/grub2.spec b/grub2.spec index 71694a8688f0a4ef1b3ea819353a05235d41fe31..541ad7a2c4d277046cefab7d4d78eed785d73f89 100644 --- a/grub2.spec +++ b/grub2.spec @@ -8,7 +8,7 @@ Name: grub2 Epoch: 1 Version: 2.04 -Release: 22 +Release: 23 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -450,6 +450,12 @@ rm -r /boot/grub2.tmp/ || : %{_datadir}/man/man* %changelog +* Wed Mar 16 2022 xihaochen - 2.04-23 +- Type:CVE +- CVE:CVE-2021-3981 +- SUG:NA +- DESC:Fix CVE-2021-3981 + * Sat Feb 26 2022 zhangqiumiao - 2.04-22 - Type:bugfix - CVE:NA