Fix incorrect permissions on kdump dmesg file

Resolves: rhbz#1938165
Upstream: fedora
Conflict: none

commit 91c802ff52
Author: Tao Liu <ltao@redhat.com>
Date:   Thu Mar 18 16:52:46 2021 +0800

    Fix incorrect permissions on kdump dmesg file

    Also known as CVE-2021-20269. The kdump dmesg log files(kexec-dmesg.log,
    vmcore-dmesg.txt) are generated by shell redirection, which take the
    default umask value, making the files readable for group and others.

    This patch chmod these files, making them only accessible to owner.

    Signed-off-by: Tao Liu <ltao@redhat.com>
    Acked-by: Kairui Song <kasong@redhat.com>

Signed-off-by: Tao Liu <ltao@redhat.com>

dracut-module-setup.sh

@@ -849,6 +849,7 @@ install() {
     inst "/sbin/vmcore-dmesg" "/sbin/vmcore-dmesg"
     inst "/usr/bin/printf" "/sbin/printf"
     inst "/usr/bin/logger" "/sbin/logger"
+    inst "/usr/bin/chmod" "/sbin/chmod"
     inst "/lib/kdump/kdump-lib.sh" "/lib/kdump-lib.sh"
     inst "/lib/kdump/kdump-lib-initramfs.sh" "/lib/kdump-lib-initramfs.sh"
     inst "/lib/kdump/kdump-logger.sh" "/lib/kdump-logger.sh"

kdump-lib-initramfs.sh

@@ -111,6 +111,7 @@ save_log()
     if command -v journalctl > /dev/null; then
         journalctl -ab >> $KDUMP_LOG_FILE
     fi
+    chmod 600 $KDUMP_LOG_FILE
 }
 
 # dump_fs <mount point>
@@ -178,6 +179,7 @@ save_vmcore_dmesg_fs() {
     _exitcode=$?
     if [ $_exitcode -eq 0 ]; then
         mv ${_path}/vmcore-dmesg-incomplete.txt ${_path}/vmcore-dmesg.txt
+        chmod 600 ${_path}/vmcore-dmesg.txt
 
         # Make sure file is on disk. There have been instances where later
         # saving vmcore failed and system rebooted without sync and there