!135 [sync] PR-132: Fix CVE-2021-3981

From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-03-18 01:25:07 +00:00 · 2022-03-18 01:25:07 +00:00 · 7ccccceee5
commit 7ccccceee5
parent 1b1d8d2ec6 17a445ed58
3 changed files with 49 additions and 1 deletions
--- a/backport-CVE-2021-3981-restore-umask-for-the-grub.patch
+++ b/backport-CVE-2021-3981-restore-umask-for-the-grub.patch
@ -0,0 +1,41 @@
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea761..62335d0 100644
+--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+     exit 1
+   else
+     # none of the children aborted with error, install the new grub.cfg
+    oldumask=$(umask)
+    umask 077
+     cat ${grub_cfg}.new > ${grub_cfg}
+    umask $oldumask
+     rm -f ${grub_cfg}.new
+   fi
+ fi
+-- 
+cgit v1.1
+
--- a/grub.patches
+++ b/grub.patches
@ -358,3 +358,4 @@ Patch0357: support-TPM2.0.patch
 Patch0358: use-default-timestamp.patch
 Patch0359: backport-arm64-Fix-EFI-loader-kernel-image-allocation.patch
 Patch0360: backport-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
+Patch0361: backport-CVE-2021-3981-restore-umask-for-the-grub.patch
--- a/grub2.spec
+++ b/grub2.spec
@ -8,7 +8,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.04
-Release:	24
+Release:	25
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@ -450,6 +450,12 @@ rm -r /boot/grub2.tmp/ || :
 %{_datadir}/man/man*

 %changelog
+* Wed Mar 16 2022 xihaochen <xihaochen@h-partners.com> - 2.04-25
+- Type:CVE
+- CVE:CVE-2021-3981
+- SUG:NA
+- DESC:Fix CVE-2021-3981
+
 * Sat Feb 26 2022 yanan <yanan@huawei.com> - 2.04-24
 - Type:bugfix
 - CVE:NA