On Fri, Dec 03, 2021 at 04:13:28PM +0800, Michael Chang via Grub-devel wrote:
> Since commit:
>
>   ab2e53c8a grub-mkconfig: Honor a symlink when generating configuration
> by grub-mkconfig
>
> has inadvertently discarded umask for creating grub.cfg in the process
> of grub-mkconfig. The resulting wrong permission (0644) would allow
> unprivileged users to read grub's configuration file content. This
> presents a low confidentiality risk as grub.cfg may contain non-secured
> plain-text passwords.
>
> This patch restores the missing umask and set the file mode of creation
> to 0600 preventing unprivileged access.
>
> Fixes: CVE-2021-3981
>
> Signed-off-by: Michael Chang <mch...@suse.com>

Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to