On Fri, Dec 03, 2021 at 04:13:28PM +0800, Michael Chang via Grub-devel wrote: > Since commit: > > ab2e53c8a grub-mkconfig: Honor a symlink when generating configuration > by grub-mkconfig > > has inadvertently discarded umask for creating grub.cfg in the process > of grub-mkconfig. The resulting wrong permission (0644) would allow > unprivileged users to read grub's configuration file content. This > presents a low confidentiality risk as grub.cfg may contain non-secured > plain-text passwords. > > This patch restores the missing umask and set the file mode of creation > to 0600 preventing unprivileged access. > > Fixes: CVE-2021-3981 > > Signed-off-by: Michael Chang <mch...@suse.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel