grub2/0076-01_users-Handle-GRUB_PASSWORD-better.patch
Peter Jones bf8e18bc1d Security update for keyboard input vulnerability.
- Fix security issue when reading username and password
  Related: CVE-2015-8370
- Do a better job of handling GRUB2_PASSWORD
  Related: rhbz#1284370

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-17 10:06:43 +01:00

44 lines
1.3 KiB
Diff

From e5e933f4fd449301fc1856db31ef1167b4867cd1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 4 Dec 2015 09:28:38 -0500
Subject: [PATCH 76/76] 01_users: Handle GRUB_PASSWORD better.
Only handle GRUB2_PASSWORD not GRUB_PASSWORD.
Related: rhbz#1284370
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-setpassword.8 | 2 +-
util/grub.d/01_users.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
index 5973abe..49200a8 100644
--- a/util/grub-setpassword.8
+++ b/util/grub-setpassword.8
@@ -9,7 +9,7 @@
\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
The file has the format:
-GRUB_2PASSWORD=<\fIhashed password\fR>.
+GRUB2_PASSWORD=<\fIhashed password\fR>.
.SH OPTIONS
.TP
diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in
index facd409..db2f44b 100644
--- a/util/grub.d/01_users.in
+++ b/util/grub.d/01_users.in
@@ -2,7 +2,7 @@
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
source \${prefix}/user.cfg
- if [ -n \${GRUB2_PASSWORD} ]; then
+ if [ -n "\${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root \${GRUB2_PASSWORD}
--
2.5.0