Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Feb 2020 15:41:49 +0000 (UTC)
From:      Baptiste Daroussin <bapt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r526120 - in branches/2020Q1/sysutils/grub2-bhyve: . files
Message-ID:  <202002141541.01EFfn8p090735@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bapt
Date: Fri Feb 14 15:41:49 2020
New Revision: 526120
URL: https://svnweb.freebsd.org/changeset/ports/526120

Log:
  MFH: r525916
  
  sysutils/grub2-bhyve: Neutralize privileged guest commands
  
  GRUB was designed to run in a trusted environment, where anyone with access
  to grub2.cfg could also modify grub itself.  In grub2-bhyve, we have
  modified it to run in host context, but interpret the commands of guest
  grub2.cfg.  This means we have to worry about malicious guests.
  
  This patch addresses two escalation vectors: font-loading, and the direct
  'read', 'write', 'in', and 'out' commands (which read/write arbitrary
  addresses).  Both reported by Reno Robert.
  
  Disable font-loading by neutering the command.  It is believed to be non-
  essential and there is at least one buffer overflow in the font loading
  code.
  
  Disable reading and writing host memory and IO ports.  It is believed to be
  non-essential.
  
  admbugs:	948
  Reported by:	Reno Robert <renorobert AT gmail.com>
  Approved by:	bapt
  Security:	yes
  
  Approved by:	portmgr (bapt)

Added:
  branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c
     - copied unchanged from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c
  branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c
     - copied unchanged from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c
  branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c
     - copied unchanged from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c
Modified:
  branches/2020Q1/sysutils/grub2-bhyve/Makefile
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/sysutils/grub2-bhyve/Makefile
==============================================================================
--- branches/2020Q1/sysutils/grub2-bhyve/Makefile	Fri Feb 14 15:37:08 2020	(r526119)
+++ branches/2020Q1/sysutils/grub2-bhyve/Makefile	Fri Feb 14 15:41:49 2020	(r526120)
@@ -4,7 +4,7 @@
 PORTNAME=	grub2-bhyve
 DISTVERSIONPREFIX=	v
 DISTVERSION=	0.40
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	sysutils
 
 MAINTAINER=	ports@FreeBSD.org

Copied: branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c (from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c	Fri Feb 14 15:41:49 2020	(r526120, copy of r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_iorw.c)
@@ -0,0 +1,39 @@
+--- grub-core/commands/iorw.c.orig	2015-08-31 22:42:56 UTC
++++ grub-core/commands/iorw.c
+@@ -45,6 +45,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+ 
+   if (argc != 1)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
++#if 1 /* BHYVE */
++  grub_puts_("Reading host IO ports disabled.");
++#else
+ 
+   addr = grub_strtoul (argv[0], 0, 0);
+   switch (ctxt->extcmd->cmd->name[sizeof ("in") - 1])
+@@ -70,6 +73,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+     }
+   else
+     grub_printf ("0x%x\n", value);
++#endif
+ 
+   return 0;
+ }
+@@ -84,6 +88,10 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+   if (argc != 2 && argc != 3)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+ 
++#if 1 /* BHYVE */
++  grub_puts_("Writing host IO ports disabled.");
++#else
++
+   addr = grub_strtoul (argv[0], 0, 0);
+   value = grub_strtoul (argv[1], 0, 0);
+   if (argc == 3)
+@@ -112,6 +120,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ 	grub_outb (value, addr);
+       break;
+     }
++#endif
+ 
+   return 0;
+ }

Copied: branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c (from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c	Fri Feb 14 15:41:49 2020	(r526120, copy of r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_commands_memrw.c)
@@ -0,0 +1,38 @@
+--- grub-core/commands/memrw.c.orig	2015-08-31 22:42:56 UTC
++++ grub-core/commands/memrw.c
+@@ -46,6 +46,9 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+   if (argc != 1)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+ 
++#if 1 /* BHYVE */
++  grub_puts_("Reading host memory disabled.");
++#else
+   addr = grub_strtoul (argv[0], 0, 0);
+   switch (ctxt->extcmd->cmd->name[sizeof ("read_") - 1])
+     {
+@@ -69,6 +72,7 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, c
+     }
+   else
+     grub_printf ("0x%x\n", value);
++#endif
+ 
+   return 0;
+ }
+@@ -83,6 +87,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+   if (argc != 2 && argc != 3)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
+ 
++#if 1 /* BHYVE */
++  grub_puts_("Writing host memory disabled.");
++#else
+   addr = grub_strtoul (argv[0], 0, 0);
+   value = grub_strtoul (argv[1], 0, 0);
+   if (argc == 3)
+@@ -114,6 +121,7 @@ grub_cmd_write (grub_command_t cmd, int argc, char **a
+ 	*((volatile grub_uint8_t *) addr) = value;
+       break;
+     }
++#endif
+ 
+   return 0;
+ }

Copied: branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c (from r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c	Fri Feb 14 15:41:49 2020	(r526120, copy of r525916, head/sysutils/grub2-bhyve/files/patch-grub-core_font_font__cmd.c)
@@ -0,0 +1,20 @@
+--- grub-core/font/font_cmd.c.orig	2020-02-03 00:11:34 UTC
++++ grub-core/font/font_cmd.c
+@@ -28,6 +28,9 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ 		  int argc,
+ 		  char **args)
+ {
++#if 1 /* BHYVE */
++  grub_puts_("Font loading disabled.");
++#else
+   if (argc == 0)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ 
+@@ -38,6 +41,7 @@ loadfont_command (grub_command_t cmd __attribute__ ((u
+ 	  return grub_error (GRUB_ERR_BAD_FONT, "invalid font");
+ 	return grub_errno;
+       }
++#endif
+ 
+   return GRUB_ERR_NONE;
+ }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002141541.01EFfn8p090735>