Fix incorrect permissions on kdump dmesg file

Resolves: rhbz#1938165
Upstream: fedora
Conflict: none

commit 91c802ff52
Author: Tao Liu <ltao@redhat.com>
Date:   Thu Mar 18 16:52:46 2021 +0800

    Fix incorrect permissions on kdump dmesg file

    Also known as CVE-2021-20269. The kdump dmesg log files (kexec-dmesg.log,
    vmcore-dmesg.txt) are generated by shell redirection, which takes the
    default umask value, making the files readable by group and others.

    This patch chmod these files, making them only accessible to owner.

    Signed-off-by: Tao Liu <ltao@redhat.com>
    Acked-by: Kairui Song <kasong@redhat.com>

Signed-off-by: Tao Liu <ltao@redhat.com>
Tao Liu 2021-04-20 15:56:16 +08:00
parent 9ae724c9b0
commit 3371584d02
2 changed files with 3 additions and 0 deletions


@ -849,6 +849,7 @@ install() {
inst "/sbin/vmcore-dmesg" "/sbin/vmcore-dmesg"
inst "/usr/bin/printf" "/sbin/printf"
inst "/usr/bin/logger" "/sbin/logger"
inst "/usr/bin/chmod" "/sbin/chmod"
inst "/lib/kdump/kdump-lib.sh" "/lib/kdump-lib.sh"
inst "/lib/kdump/kdump-lib-initramfs.sh" "/lib/kdump-lib-initramfs.sh"
inst "/lib/kdump/kdump-logger.sh" "/lib/kdump-logger.sh"
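Review bot: The added `inst "/usr/bin/chmod" "/sbin/chmod"` is needed only because the fix tightens permissions after the log files already exist. In the second file, `journalctl -ab >> $KDUMP_LOG_FILE` still creates the log under the default umask, and per the commit message the vmcore-dmesg file is created the same way, so both stay readable by group and others until `chmod 600` runs. Setting `umask 077` (a shell builtin) before those redirections in save_log and save_vmcore_dmesg_fs would create the files owner-only from the start, and the chmod calls could stay to cover a file left over from an earlier run. The new chmod arguments are also unquoted; `chmod 600 "$KDUMP_LOG_FILE"` and `chmod 600 "${_path}/vmcore-dmesg.txt"` would hold up if a path contains whitespace. Both functions extend beyond the visible hunks, so a umask set elsewhere in the script cannot be ruled out from here.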


@ -111,6 +111,7 @@ save_log()
if command -v journalctl > /dev/null; then
journalctl -ab >> $KDUMP_LOG_FILE
fi
chmod 600 $KDUMP_LOG_FILE
}
# dump_fs <mount point>
@ -178,6 +179,7 @@ save_vmcore_dmesg_fs() {
_exitcode=$?
if [ $_exitcode -eq 0 ]; then
mv ${_path}/vmcore-dmesg-incomplete.txt ${_path}/vmcore-dmesg.txt
chmod 600 ${_path}/vmcore-dmesg.txt
# Make sure file is on disk. There have been instances where later
# saving vmcore failed and system rebooted without sync and there