Package: extlinux
Version: 2:4.05+dfsg-6+deb7u1
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adding a kernel parameter with a quoted value to EXTLINUX_PARAMETERS is
impossible because extlinux-update strips the quotes when rewriting
/etc/default/extlinux.

So if you start with 

EXTLINUX_PARAMETERS="ro dyndbg=\"module foo func rw +p\""

you get

EXTLINUX_PARAMETERS="ro dyndbg="module foo func rw +p""

after the first run and

EXTLINUX_PARAMETERS="ro dyndbg=module foo func rw +p"

after the second run.  The unexpected resulting kernel command line
can give dangerous results unless caught before rebooting, hence the
severity of this bug.

The attached patch is a primitive attempt to fix this issue with a
minimum change.  But I really think the whole concept of rewriting
/etc/default/extlinux on each and every invocation of extlinux-update
should be rethought.  It is unexpected in itself.  There should never
be any reason to write this file.  Either it exists and should be
assumed to be properly configured by the administrator, or it does
not exist and you use the defaults.  In either case there is no
reason to write the file.

Thanks,
Bjørn


- - System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable'), (500, 'stable-updates'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10.0-rc1+idletest+ (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages extlinux depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38

Versions of packages extlinux recommends:
ii  os-prober               1.58
ii  syslinux-common         2:4.05+dfsg-6+deb7u1
ii  syslinux-themes-debian  11-1.1

extlinux suggests no packages.

- -- debconf information:
* extlinux/install: false

- -- debsums errors found:
debsums: changed file /usr/sbin/extlinux-update (from extlinux package)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGR8YwACgkQ10rqkowbIsn5AACaA0MAXh1ywFpuZBW3kqWvF37f
xTkAn03iMB9VBNzSAX4NCUGcdGIwalvw
=UriP
-----END PGP SIGNATURE-----
--- /usr/sbin/extlinux-update.orig	2012-12-10 13:16:56.000000000 +0100
+++ /usr/sbin/extlinux-update	2013-05-14 09:56:00.671512498 +0200
@@ -136,7 +136,7 @@
 EXTLINUX_MEMDISK_DIRECTORY="${EXTLINUX_MEMDISK_DIRECTORY}"
 EXTLINUX_MENU_LABEL="${EXTLINUX_MENU_LABEL}"
 EXTLINUX_OS_PROBER="${EXTLINUX_OS_PROBER}"
-EXTLINUX_PARAMETERS="${EXTLINUX_PARAMETERS}"
+EXTLINUX_PARAMETERS="`echo -n ${EXTLINUX_PARAMETERS} | sed -e 's/\"/\\\"/g'`"
 EXTLINUX_ROOT="${EXTLINUX_ROOT}"
 EXTLINUX_THEME="${EXTLINUX_THEME}"
 EXTLINUX_TIMEOUT="${EXTLINUX_TIMEOUT}"
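Review bot: on the added EXTLINUX_PARAMETERS line, ${EXTLINUX_PARAMETERS} is expanded unquoted inside the backticks, so the value goes through word splitting and pathname expansion before echo sees it: runs of spaces inside a quoted argument collapse, and a * or ? in a parameter can expand to file names. echo -n is also not portable across /bin/sh implementations and treats a value that starts with -n or -e as options. Only the double quote is escaped; a backslash, $ or backtick in the value is still written out as-is and would be reinterpreted if the file is read back with shell quoting rules, as the quote loss in the report suggests. Suggest feeding sed from printf '%s' "${EXTLINUX_PARAMETERS}" and escaping all four characters, and checking that the \" sequences inside the backticks come out as intended under the quoting of the surrounding template.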

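The quote loss described in the report, as an added example (not code from extlinux-update or from the reporter). It assumes the defaults file is read back by sourcing it, so the mangled value from the unescaped writer need not match the report's exact strings; `escape_dq`, `write_naive`, `write_escaped`, `read_params` and `round_trip` are hypothetical names.

```shell
#!/bin/sh
# Added example. Assumption: the defaults file is read back by sourcing it.
SAMPLE='ro dyndbg="module foo func rw +p"'   # value from the report

# Escape the four characters that stay special inside double quotes.
escape_dq() {
    printf '%s' "$1" | sed -e 's/[\\"$`]/\\&/g'
}

# Unpatched template behaviour: the value is pasted between quotes as-is.
write_naive() {      # $1 = file, $2 = value
    printf 'EXTLINUX_PARAMETERS="%s"\n' "$2" > "$1"
}

# Hypothetical alternative writer: escape before pasting.
write_escaped() {    # $1 = file, $2 = value
    printf 'EXTLINUX_PARAMETERS="%s"\n' "$(escape_dq "$2")" > "$1"
}

# Source the file in a subshell and print the resulting value.
read_params() {      # $1 = file (path containing a slash)
    (
        unset EXTLINUX_PARAMETERS
        . "$1" >/dev/null 2>&1 || true
        printf '%s' "${EXTLINUX_PARAMETERS-}"
    ) || true
}

# Simulate repeated runs: read the file, rewrite it, read it again.
round_trip() {       # $1 = writer, $2 = initial value, $3 = runs
    f=$(mktemp) || return 1
    write_escaped "$f" "$2"          # known-good starting file
    i=0
    while [ "$i" -lt "$3" ]; do
        "$1" "$f" "$(read_params "$f")"
        i=$((i + 1))
    done
    read_params "$f"
    rm -f "$f"
}

# Demo: compare what survives two rewrite cycles with each writer.
for w in write_naive write_escaped; do
    printf '%s: [%s]\n' "$w" "$(round_trip "$w" "$SAMPLE" 2)"
done
```

A writer is safe for this file only if the value is identical after any number of read/rewrite cycles, which is what `round_trip` checks.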