[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.15] tools/pygrub: Open the output files earlier



commit 609b76c89d84f6c2139abdce459d2363d0c5c2e2
Author:     Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
AuthorDate: Mon Sep 25 18:32:23 2023 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Sep 27 16:30:18 2023 +0100

    tools/pygrub: Open the output files earlier
    
    This patch allows pygrub to get ahold of every RW file descriptor it needs
    early on. A later patch will clamp the filesystem it can access so it can't
    obtain any others.
    
    This is part of XSA-443 / CVE-2023-34325
    
    Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
    (cherry picked from commit 0710d7d44586251bfca9758890616dc3d6de8a74)
---
 tools/pygrub/src/pygrub | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index 1042c05b86..91e2ec2ab1 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -738,8 +738,7 @@ if __name__ == "__main__":
     def usage():
         print("Usage: %s [-q|--quiet] [-i|--interactive] [-l|--list-entries] 
[-n|--not-really] [--output=] [--kernel=] [--ramdisk=] [--args=] [--entry=] 
[--output-directory=] [--output-format=sxp|simple|simple0] [--offset=] <image>" 
%(sys.argv[0],), file=sys.stderr)
 
-    def copy_from_image(fs, file_to_read, file_type, output_directory,
-                        not_really):
+    def copy_from_image(fs, file_to_read, file_type, fd_dst, path_dst, 
not_really):
         if not_really:
             if fs.file_exists(file_to_read):
                 return "<%s:%s>" % (file_type, file_to_read)
@@ -750,21 +749,18 @@ if __name__ == "__main__":
         except Exception as e:
             print(e, file=sys.stderr)
             sys.exit("Error opening %s in guest" % file_to_read)
-        (tfd, ret) = tempfile.mkstemp(prefix="boot_"+file_type+".",
-                                      dir=output_directory)
         dataoff = 0
         while True:
             data = datafile.read(FS_READ_MAX, dataoff)
             if len(data) == 0:
-                os.close(tfd)
+                os.close(fd_dst)
                 del datafile
-                return ret
+                return
             try:
-                os.write(tfd, data)
+                os.write(fd_dst, data)
             except Exception as e:
                 print(e, file=sys.stderr)
-                os.close(tfd)
-                os.unlink(ret)
+                os.unlink(path_dst)
                 del datafile
                 sys.exit("Error writing temporary copy of "+file_type)
             dataoff += len(data)
@@ -861,6 +857,14 @@ if __name__ == "__main__":
         else:
             raise
 
+    if not_really:
+        fd_kernel =  path_kernel = fd_ramdisk = path_ramdisk = None
+    else:
+        (fd_kernel, path_kernel) = tempfile.mkstemp(prefix="boot_kernel.",
+                                                    dir=output_directory)
+        (fd_ramdisk, path_ramdisk) = tempfile.mkstemp(prefix="boot_ramdisk.",
+                                                      dir=output_directory)
+
     if output is None:
         fd = sys.stdout.fileno()
     else:
@@ -920,20 +924,23 @@ if __name__ == "__main__":
     if fs is None:
         raise RuntimeError("Unable to find partition containing kernel")
 
-    bootcfg["kernel"] = copy_from_image(fs, chosencfg["kernel"], "kernel",
-                                        output_directory, not_really)
+    copy_from_image(fs, chosencfg["kernel"], "kernel",
+                    fd_kernel, path_kernel, not_really)
+    bootcfg["kernel"] = path_kernel
 
     if chosencfg["ramdisk"]:
         try:
-            bootcfg["ramdisk"] = copy_from_image(fs, chosencfg["ramdisk"],
-                                                 "ramdisk", output_directory,
-                                                 not_really)
+            copy_from_image(fs, chosencfg["ramdisk"], "ramdisk",
+                            fd_ramdisk, path_ramdisk, not_really)
         except:
             if not not_really:
-                os.unlink(bootcfg["kernel"])
+                os.unlink(path_kernel)
             raise
+        bootcfg["ramdisk"] = path_ramdisk
     else:
         initrd = None
+        if not not_really:
+            os.unlink(path_ramdisk)
 
     args = None
     if chosencfg["args"]:
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.