Fix incorrect permissions on kdump dmesg file

Also known as CVE-2021-20269. The kdump dmesg log files(kexec-dmesg.log,
vmcore-dmesg.txt) are generated by shell redirection, which take the
default umask value, making the files readable for group and others.

This patch chmod these files, making them only accessible to owner.

Signed-off-by: Tao Liu <ltao@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>

dracut-module-setup.sh

@@ -849,6 +849,7 @@ install() {
     inst "/sbin/vmcore-dmesg" "/sbin/vmcore-dmesg"
     inst "/usr/bin/printf" "/sbin/printf"
     inst "/usr/bin/logger" "/sbin/logger"
+    inst "/usr/bin/chmod" "/sbin/chmod"
     inst "/lib/kdump/kdump-lib.sh" "/lib/kdump-lib.sh"
     inst "/lib/kdump/kdump-lib-initramfs.sh" "/lib/kdump-lib-initramfs.sh"
     inst "/lib/kdump/kdump-logger.sh" "/lib/kdump-logger.sh"

kdump-lib-initramfs.sh

@@ -111,6 +111,7 @@ save_log()
     if command -v journalctl > /dev/null; then
         journalctl -ab >> $KDUMP_LOG_FILE
     fi
+    chmod 600 $KDUMP_LOG_FILE
 }
 
 # dump_fs <mount point>
@@ -178,6 +179,7 @@ save_vmcore_dmesg_fs() {
     _exitcode=$?
     if [ $_exitcode -eq 0 ]; then
         mv ${_path}/vmcore-dmesg-incomplete.txt ${_path}/vmcore-dmesg.txt
+        chmod 600 ${_path}/vmcore-dmesg.txt
 
         # Make sure file is on disk. There have been instances where later
         # saving vmcore failed and system rebooted without sync and there