author | cem <cem@FreeBSD.org> | 2020-02-12 23:32:31 +0800 |
---|---|---|
committer | cem <cem@FreeBSD.org> | 2020-02-12 23:32:31 +0800 |
commit | 1a20ceea62edc39093c284ba304f4d8fce5443ec (patch) | |
tree | 33d0a7a87d6171f1e22d6952e12641f2f2f2ba88 /sysutils | |
parent | f7a4f36bc62258f9d2961bf8ab77ffb6f1cc7a18 (diff) | |
sysutils/grub2-bhyve: Neutralize privileged guest commands
GRUB was designed to run in a trusted environment, where anyone with access
to grub2.cfg could also modify grub itself. In grub2-bhyve, we have
modified it to run in host context, but interpret the commands of guest
grub2.cfg. This means we have to worry about malicious guests.
This patch addresses two escalation vectors: font-loading, and the direct
'read', 'write', 'in', and 'out' commands (which read/write arbitrary
addresses). Both reported by Reno Robert.
Disable font-loading by neutering the command. It is believed to be non-
essential and there is at least one buffer overflow in the font loading
code.
Disable reading and writing host memory and IO ports. It is believed to be
non-essential.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
MFH: 2010Q1 (bapt)
Security: yes
Diffstat (limited to 'sysutils')
4 files changed, 98 insertions, 1 deletions
diff --git a/sysutils/grub2-bhyve/Makefile b/sysutils/grub2-bhyve/Makefile
index ebd725d7f435..5bac29a27f55 100644
--- a/sysutils/grub2-bhyve/Makefile
+++ b/sysutils/grub2-bhyve/Makefile
@@ -4,7 +4,7 @@
 PORTNAME= grub2-bhyve
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.40
-PORTREVISION= 7
+PORTREVISION= 8
 CATEGORIES= sysutils
 MAINTAINER= ports@FreeBSD.org
diff --git a/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c b/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c
new file mode 100644
index 000000000000..6813270b310e
--- /dev/null
+++ b/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c
@@ -0,0 +1,39 @@
+--- grub-core/commands/iorw.c.orig 2015-08-31 22:42:56 UTC
++++ grub-core/commands/iorw.c
+@@ -45,6 +45,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
++#if 1 /* BHYVE */
++ grub_puts_("Reading host IO ports disabled.");
++#else
+
+ addr = grub_strtoul (argv[0], 0, 0);
+ switch (ctxt->extcmd->cmd->name[sizeof ("in") - 1])
+@@ -70,6 +73,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ }
+ else
+ grub_printf ("0x%x\n", value);
++#endif
+
+ return 0;
+ }
+@@ -84,6 +88,10 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ if (argc != 2 && argc != 3)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Writing host IO ports disabled.");
++#else
++
+ addr = grub_strtoul (argv[0], 0, 0);
+ value = grub_strtoul (argv[1], 0, 0);
+ if (argc == 3)
+@@ -112,6 +120,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ grub_outb (value, addr);
+ break;
+ }
++#endif
+
+ return 0;
+ }
diff --git a/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c b/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c
new file mode 100644
index 000000000000..eb2bd85a073d
--- /dev/null
+++ b/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c
@@ -0,0 +1,38 @@
+--- grub-core/commands/memrw.c.orig 2015-08-31 22:42:56 UTC
++++ grub-core/commands/memrw.c
+@@ -46,6 +46,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Reading host memory disabled.");
++#else
+ addr = grub_strtoul (argv[0], 0, 0);
+ switch (ctxt->extcmd->cmd->name[sizeof ("read_") - 1])
+ {
+@@ -69,6 +72,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ }
+ else
+ grub_printf ("0x%x\n", value);
++#endif
+
+ return 0;
+ }
+@@ -83,6 +87,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ if (argc != 2 && argc != 3)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Writing host memory disabled.");
++#else
+ addr = grub_strtoul (argv[0], 0, 0);
+ value = grub_strtoul (argv[1], 0, 0);
+ if (argc == 3)
+@@ -114,6 +121,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ *((volatile grub_uint8_t *) addr) = value;
+ break;
+ }
++#endif
+
+ return 0;
+ }
diff --git a/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c b/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c
new file mode 100644
index 000000000000..356efa368705
--- /dev/null
+++ b/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c
@@ -0,0 +1,20 @@
+--- grub-core/font/font_cmd.c.orig 2020-02-03 00:11:34 UTC
++++ grub-core/font/font_cmd.c
+@@ -28,6 +28,9 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ int argc,
+ char **args)
+ {
++#if 1 /* BHYVE */
++ grub_puts_("Font loading disabled.");
++#else
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+
+@@ -38,6 +41,7 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ return grub_error (GRUB_ERR_BAD_FONT, "invalid font");
+ return grub_errno;
+ }
++#endif
+
+ return GRUB_ERR_NONE;
+ }
|
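Review bot: The disabled branches of `grub_cmd_read` and `grub_cmd_write` in the memrw.c patch print a message and then fall through to `return 0;`, so a guest configuration script is told the read or write succeeded. Returning an error keeps the refusal visible to script logic and to host-side logs: replace the `grub_puts_` line with `return grub_error (GRUB_ERR_ACCESS_DENIED, N_("host memory access is disabled in grub2-bhyve"));`. The same pattern appears in the iorw.c patch and in `loadfont_command` in the font_cmd.c patch, which ends in `return GRUB_ERR_NONE;`. Both functions begin and end outside the inner hunks, so the locals declared above the `#if` are not visible here; they are presumably left unused by this change and may need `__attribute__ ((unused))` if the build treats warnings as errors.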
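Review bot: Stubbing out `loadfont_command` in the font_cmd.c patch closes only the command entry point; the buffer overflow the commit message mentions is in the font loading code itself, which this patch leaves unchanged. Whether any other component built into grub2-bhyve calls the font loader is not visible from this hunk, so it is worth confirming that the command was the only path a guest-supplied file could take to it. A comment on the guard would record the reason for the next maintainer, e.g. `/* BHYVE: font parser is not safe on guest-supplied files; do not re-enable without fixing it */`. With the body compiled out, `argc` and `args` are now unused and may warn under `-Wunused-parameter`.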