Commit a5b63a99 authored by Rocky Automation's avatar Rocky Automation 📺

import grub2-2.02-78.el8_1.1

parent b61d5663
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Tue, 23 Oct 2018 15:00:13 +0200
Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
UEFI system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On a UEFI system, were no boot entry *grub* is present, currently,
`grub-install` fails with an error.
$ efibootmgr
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0001,0006,0003,0004,0005
Boot0001 Diskette Drive
Boot0003* USB Storage Device
Boot0004* CD/DVD/CD-RW Drive
Boot0005 Onboard NIC
Boot0006* WDC WD2500AAKX-75U6AA0
$ sudo grub-install /dev/sda
Installing for x86_64-efi platform.
grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
The error code is always different, and the error message (incorrectly)
points to efibootmgr.
But, the error is in GRUB’s function
`grub_install_remove_efi_entries_by_distributor()`, where the variable
`rc` for the return value, is uninitialized and never set, when no boot
entry for the distributor is found.
The content of that uninitialized variable is then returned as the error
code of efibootmgr.
Set the variable to 0, so that success is returned, when no entry needs
to be deleted.
Tested on Dell OptiPlex 7010 with firmware A28.
$ sudo ./grub-install /dev/sda
Installing for x86_64-efi platform.
Installation finished. No error reported.
[1]: https://github.com/rhboot/efibootmgr/issues/100
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/osdep/unix/platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
index ca448bc11a0..55b8f401624 100644
--- a/grub-core/osdep/unix/platform.c
+++ b/grub-core/osdep/unix/platform.c
@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
char *line = NULL;
size_t len = 0;
- int rc;
+ int rc = 0;
if (!pid)
{
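Review bot: With `int rc = 0;` the function reports success both when efibootmgr lists no entry for the distributor and when every matching entry was removed, and nothing in the hunk records that this is deliberate; a short comment on the initializer would keep the next reader from "fixing" it back: `int rc = 0; /* success unless a removal below fails */`. Whether the `!pid` branch sets `rc` on exec failure cannot be seen here, since the guard body and the rest of grub_install_remove_efi_entries_by_distributor continue outside the hunk.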
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 13 Nov 2019 12:15:43 +0100
Subject: [PATCH] grub-set-bootflag: Update comment about running as root
through pkexec
We have stopped using pkexec for grub-set-bootflag, instead it is now
installed suid root, update the comment accordingly.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
util/grub-set-bootflag.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index f8dc310909a..32f1c104a2b 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -18,7 +18,7 @@
*/
/*
- * NOTE this gets run by users as root (through pkexec), so this does not
+ * NOTE this gets run by users as root (its suid root), so this does not
* use any grub library / util functions to allow for easy auditing.
* The grub headers are only included to get certain defines.
*/
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 22 Nov 2019 11:54:27 +0100
Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
Make the grubenv writing code in grub-set-bootflag more robust by
writing the modified grubenv to a tmpfile first and then renaming the
tmpfile over the old grubenv (following symlinks).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 78 insertions(+), 9 deletions(-)
diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index 32f1c104a2b..d3b80a0d204 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -26,7 +26,9 @@
#include <config-util.h> /* For *_DIR_NAME defines */
#include <grub/types.h>
#include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
+#include <limits.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
{
/* NOTE buf must be at least the longest bootflag length + 4 bytes */
char env[GRUBENV_SIZE + 1], buf[64], *s;
+ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
+ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
const char *bootflag;
- int i, len, ret;
+ int i, fd, len, ret;
FILE *f;
if (argc != 2)
@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
bootflag = bootflags[i];
len = strlen (bootflag);
- f = fopen (GRUBENV, "r");
+ /*
+ * Really become root. setuid avoids an user killing us, possibly leaking
+ * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
+ */
+ ret = setuid(0);
+ if (ret)
+ {
+ perror ("Error setuid(0) failed");
+ return 1;
+ }
+
+ ret = setgid(0);
+ if (ret)
+ {
+ perror ("Error setgid(0) failed");
+ return 1;
+ }
+
+ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
+ if (!realpath(GRUBENV, env_filename))
+ {
+ perror ("Error canonicalizing " GRUBENV " filename");
+ return 1;
+ }
+
+ f = fopen (env_filename, "r");
if (!f)
{
perror ("Error opening " GRUBENV " for reading");
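Review bot: The `realpath(GRUBENV, env_filename)` result becomes the target of a later root-privileged `rename`, so any symlink at or under GRUBENV decides which file gets overwritten; that is only safe because every path component of GRUBENV lives in a root-owned directory an unprivileged user cannot redirect, and the call deserves a comment saying so: `/* Follows symlinks; safe only because every component of GRUBENV is root-owned. */`. There is also a window between this resolution and the final rename in which the target could change, which is acceptable under the same ownership assumption but is worth a sentence next to the rename. Minor wording in the new comment: "an user killing us" should read "a user killing us". The `fopen` error path and the rest of main continue outside this hunk.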
@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
memcpy(s, buf, len + 3);
- /* "r+", don't truncate so that the diskspace stays reserved */
- f = fopen (GRUBENV, "r+");
+
+ /*
+ * Create a tempfile for writing the new env. Use the canonicalized filename
+ * for the template so that the tmpfile is in the same dir / on same fs.
+ */
+ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
+ fd = mkstemp(tmp_filename);
+ if (fd == -1)
+ {
+ perror ("Creating tmpfile failed");
+ return 1;
+ }
+
+ f = fdopen (fd, "w");
if (!f)
{
- perror ("Error opening " GRUBENV " for writing");
+ perror ("Error fdopen of tmpfile failed");
+ unlink(tmp_filename);
return 1;
}
ret = fwrite (env, 1, GRUBENV_SIZE, f);
if (ret != GRUBENV_SIZE)
{
- perror ("Error writing to " GRUBENV);
+ perror ("Error writing tmpfile");
+ unlink(tmp_filename);
return 1;
}
ret = fflush (f);
if (ret)
{
- perror ("Error flushing " GRUBENV);
+ perror ("Error flushing tmpfile");
+ unlink(tmp_filename);
return 1;
}
- fsync (fileno (f));
- fclose (f);
+ ret = fsync (fileno (f));
+ if (ret)
+ {
+ perror ("Error syncing tmpfile");
+ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fclose (f);
+ if (ret)
+ {
+ perror ("Error closing tmpfile");
+ unlink(tmp_filename);
+ return 1;
+ }
+
+ /*
+ * And finally rename the tmpfile with the new env over the old env, the
+ * linux kernel guarantees that this is atomic (from a syscall pov).
+ */
+ ret = rename(tmp_filename, env_filename);
+ if (ret)
+ {
+ perror ("Error renaming tmpfile to " GRUBENV " failed");
+ unlink(tmp_filename);
+ return 1;
+ }
return 0;
}
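Review bot: After `rename(tmp_filename, env_filename)` the env file keeps the mode mkstemp gave the tmpfile (0600) instead of whatever the existing grubenv had, so any non-root reader that could read it before cannot afterwards; copying the original's mode onto the tmpfile before the rename, as below, preserves it (needs `<sys/stat.h>` added to the includes). Separately, the tmpfile data is fsync'd but the directory entry is not: after `rename` succeeds, opening the directory containing `env_filename` and calling `fsync` on it is what makes the new name durable across a crash, which the comment's "atomic" claim does not cover. The error returns after `fdopen` succeeds skip `fclose(f)`, which is harmless only because main exits immediately. The start of main is in the earlier hunks; this one covers its tail.
```c
  f = fdopen (fd, "w");
  /* … unchanged: fdopen error handling … */

  /* mkstemp created the tmpfile 0600; carry over the mode of the env file it replaces. */
  struct stat st;
  if (stat (env_filename, &st) || fchmod (fd, st.st_mode & 07777))
    {
      perror ("Error copying " GRUBENV " mode to tmpfile");
      unlink (tmp_filename);
      return 1;
    }
  /* … unchanged: fwrite / fflush / fsync / fclose / rename … */
```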
......@@ -263,3 +263,6 @@ Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
Patch0266: 0266-unix-platform-Initialize-variable-to-fix-grub-instal.patch
Patch0267: 0267-grub-set-bootflag-Update-comment-about-running-as-ro.patch
Patch0268: 0268-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
......@@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
Release: 78%{?dist}
Release: 78%{?dist}.1
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
......@@ -498,6 +498,10 @@ fi
%endif
%changelog
* Tue Dec 03 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-78.el8_1.1
- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
Resolves: CVE-2019-14865
* Thu Sep 26 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-77
- 10_linux_bls: don't add --users option to generated menu entries
Resolves: rhbz#1755815