svn commit: r525916 - in head/sysutils/grub2-bhyve: . files
Conrad Meyer
cem at FreeBSD.org
Wed Feb 12 15:32:32 UTC 2020
Author: cem (src committer)
Date: Wed Feb 12 15:32:31 2020
New Revision: 525916
URL: https://svnweb.freebsd.org/changeset/ports/525916
Log:
sysutils/grub2-bhyve: Neutralize privileged guest commands
GRUB was designed to run in a trusted environment, where anyone with access
to grub2.cfg could also modify grub itself. In grub2-bhyve, we have
modified it to run in host context, but interpret the commands of guest
grub2.cfg. This means we have to worry about malicious guests.
This patch addresses two escalation vectors: font-loading, and the direct
'read', 'write', 'in', and 'out' commands (which read/write arbitrary
addresses). Both reported by Reno Robert.
Disable font-loading by neutering the command. It is believed to be non-
essential and there is at least one buffer overflow in the font loading
code.
Disable reading and writing host memory and IO ports. It is believed to be
non-essential.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
MFH: 2010Q1 (bapt)
Security: yes
Added:
head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c (contents, props changed)
head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c (contents, props changed)
head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c (contents, props changed)
Modified:
head/sysutils/grub2-bhyve/Makefile
Modified: head/sysutils/grub2-bhyve/Makefile
==============================================================================
--- head/sysutils/grub2-bhyve/Makefile Wed Feb 12 15:31:25 2020 (r525915)
+++ head/sysutils/grub2-bhyve/Makefile Wed Feb 12 15:32:31 2020 (r525916)
@@ -4,7 +4,7 @@
PORTNAME= grub2-bhyve
DISTVERSIONPREFIX= v
DISTVERSION= 0.40
-PORTREVISION= 7
+PORTREVISION= 8
CATEGORIES= sysutils
MAINTAINER= ports at FreeBSD.org
Added: head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c Wed Feb 12 15:32:31 2020 (r525916)
@@ -0,0 +1,39 @@
+--- grub-core/commands/iorw.c.orig 2015-08-31 22:42:56 UTC
++++ grub-core/commands/iorw.c
+@@ -45,6 +45,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
++#if 1 /* BHYVE */
++ grub_puts_("Reading host IO ports disabled.");
++#else
+
+ addr = grub_strtoul (argv[0], 0, 0);
+ switch (ctxt->extcmd->cmd->name[sizeof ("in") - 1])
+@@ -70,6 +73,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ }
+ else
+ grub_printf ("0x%x\n", value);
++#endif
+
+ return 0;
+ }
+@@ -84,6 +88,10 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ if (argc != 2 && argc != 3)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Writing host IO ports disabled.");
++#else
++
+ addr = grub_strtoul (argv[0], 0, 0);
+ value = grub_strtoul (argv[1], 0, 0);
+ if (argc == 3)
+@@ -112,6 +120,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ grub_outb (value, addr);
+ break;
+ }
++#endif
+
+ return 0;
+ }
Added: head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c Wed Feb 12 15:32:31 2020 (r525916)
@@ -0,0 +1,38 @@
+--- grub-core/commands/memrw.c.orig 2015-08-31 22:42:56 UTC
++++ grub-core/commands/memrw.c
+@@ -46,6 +46,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Reading host memory disabled.");
++#else
+ addr = grub_strtoul (argv[0], 0, 0);
+ switch (ctxt->extcmd->cmd->name[sizeof ("read_") - 1])
+ {
+@@ -69,6 +72,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ }
+ else
+ grub_printf ("0x%x\n", value);
++#endif
+
+ return 0;
+ }
+@@ -83,6 +87,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ if (argc != 2 && argc != 3)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+
++#if 1 /* BHYVE */
++ grub_puts_("Writing host memory disabled.");
++#else
+ addr = grub_strtoul (argv[0], 0, 0);
+ value = grub_strtoul (argv[1], 0, 0);
+ if (argc == 3)
+@@ -114,6 +121,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ *((volatile grub_uint8_t *) addr) = value;
+ break;
+ }
++#endif
+
+ return 0;
+ }
Added: head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c Wed Feb 12 15:32:31 2020 (r525916)
@@ -0,0 +1,20 @@
+--- grub-core/font/font_cmd.c.orig 2020-02-03 00:11:34 UTC
++++ grub-core/font/font_cmd.c
+@@ -28,6 +28,9 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ int argc,
+ char **args)
+ {
++#if 1 /* BHYVE */
++ grub_puts_("Font loading disabled.");
++#else
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+
+@@ -38,6 +41,7 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ return grub_error (GRUB_ERR_BAD_FONT, "invalid font");
+ return grub_errno;
+ }
++#endif
+
+ return GRUB_ERR_NONE;
+ }
More information about the svn-ports-head
mailing list