From fc87cf0e7e9790fb7c02ee54a73dd474ffa6fa38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Thu, 7 Jun 2018 15:42:12 +0200
Subject: [PATCH] Harden dracut against BASH_ENV environment variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When dracut silently produces a broken initramfs, then the system will
likely not boot and this can be very problematic. Typical use case is
after the kernel has been updated.

It appears that dracut is not protected against the BASH_ENV variable,
causing various scripts called by dracut to possibly fail or provide
wrong output (e.g. "ldd" is one of these).
Having a broken output for "ldd" makes the generated initramfs be not
usable, typically because vital binaries will be missing (e.g.
"awk", "udevadm", ...).

Note: because the shebang line cannot contain more than one argument,
the '--norc' option had to be removed. IMHO, it was useless anyway.

Signed-off-by: Renaud Métrich <rmetrich@redhat.com>

Cherry-picked from: c1c78f8a91921fe87f5672cdbdf9791f569fc8ac
Resolves: #1588483
---
 dracut.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dracut.sh b/dracut.sh |
|
index 52835872..27489528 100755 |
|
--- a/dracut.sh |
|
+++ b/dracut.sh |
|
@@ -23,6 +23,8 @@ |
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
# |
|
|
|
+unset BASH_ENV |
|
+ |
|
# store for logging |
|
dracut_args=( "$@" ) |
|
|
|
|
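Review bot: the `unset BASH_ENV` added just above `# store for logging` runs only after bash has already started dracut.sh, and a non-interactive bash sources the file named by BASH_ENV at startup, so this line protects the scripts dracut calls later (the "ldd" case from the commit message) but not dracut.sh itself. If the script's own startup is meant to be covered too, that has to happen on the interpreter line, which this hunk does not touch. The commit message also says the '--norc' option was removed from the shebang, yet the diffstat shows "1 file changed, 2 insertions(+)" with no deletion, so either the shebang change is missing from this cherry-pick or the note should be dropped from the message. A one-line comment above the unset saying why it is there would help the next reader, since the surrounding context gives no hint.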