Bug 1233229 - grub2 overquotes linux command line input
Summary: grub2 overquotes linux command line input
Keywords:
Status: CLOSED DUPLICATE of bug 1125404
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: grub2
Version: 7.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Peter Jones
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-06-18 13:34 UTC by Jiri Jaburek
Modified: 2015-07-01 09:54 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-30 20:54:44 UTC
Target Upstream Version:
Embargoed:



Description Jiri Jaburek 2015-06-18 13:34:32 UTC
Description of problem:

When grub.cfg contains special characters like &, $, etc., grub2 treats them like metacharacters and gives them special meaning. This is - in some cases - unwanted in the case of a kernel command line.

The grub documentation [1], section 5.2, mentions that

  "Enclosing characters in single quotes preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash."

This means that pre-processing the kernel command line by enclosing it in single quotes and escaping any existing single quotes should make grub pass the cmdline unchanged, without interpreting it as special.

For example:

  lorem ipsum&dolor$sit'amet"

would be specified as

  'lorem ipsum&dolor$sit'\''amet"'

However, when running "cat /proc/cmdline" on a running system, this instead becomes

  "lorem ipsum&dolor$sit\'amet\""

Turning it into multiple arguments for the linux/linux16 command by using a variable,

  set testvar='lorem ipsum&dolor$sit'\''amet"'
  linux16 /some/image ... $testvar

gets rid of the double quotes (which are a valid operation by the linux/linux16 command), but still manages to overquote / overescape the result:

  lorem ipsum&dolor$sit\'amet\"


[1]: http://www.gnu.org/software/grub/manual/html_node/Shell_002dlike-scripting.html#Shell_002dlike-scripting


Version-Release number of selected component (if applicable):
grub2-2.02-0.16.el7.x86_64

How reproducible:
always

Actual results:
grub overescapes the input on (at least) linux/linux16 command lines

Expected results:
grub behaves according to docs, without treating anything inside '' as special

Additional info:
This issue was somewhat discussed upstream, http://lists.gnu.org/archive/html/help-grub/2015-06/msg00004.html .

There's a potential customer impact if the customer uses i.e. PHP/CGI to generate a parametrized kickstart, passing it as ks= on the cmdline. For example ks=http://host/ks.cfg?param1=value1&param2=value2 . This worked fine with grub1 (on RHEL6) and syslinux (pxelinux), but doesn't with grub2 (important for UEFI and RHEL7).
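
The pre-processing step described in this report (wrap the string in single quotes and rewrite each embedded ' as '\''), written out as an added example that is not part of the original report or of grub2. The helper names grub_squote and sh_roundtrip are hypothetical; the round trip is checked against POSIX sh, which applies the same single-quote rule the manual states, and does not reproduce grub2's own handling of the result.

```shell
#!/bin/sh
# Added example: single-quote a kernel command line for grub.cfg.

# grub_squote STRING  (hypothetical helper)
# Prints STRING wrapped in single quotes, with every embedded ' rewritten
# as '\'' (close the quote, emit an escaped quote, reopen the quote).
# The body runs in a subshell so its variables do not leak to the caller.
grub_squote() (
    q="'"
    rest=$1
    out=
    while :; do
        case $rest in
            *"$q"*)
                head=${rest%%"$q"*}    # text before the first quote
                rest=${rest#*"$q"}     # text after the first quote
                out=$out$head$q\\$q$q  # append head followed by '\''
                ;;
            *)
                out=$out$rest
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
)

# sh_roundtrip QUOTED  (hypothetical helper)
# Lets POSIX sh parse an already single-quoted word and prints the literal
# value it yields. This is the result the report expects from grub2 as well.
sh_roundtrip() {
    eval "printf '%s' $1"
}

# Inputs taken from the report text.
sample='lorem ipsum&dolor$sit'"'"'amet"'
ks_arg='ks=http://host/ks.cfg?param1=value1&param2=value2'

quoted=$(grub_squote "$sample")
printf 'set testvar=%s\n' "$quoted"
printf 'sh reads it back as: %s\n' "$(sh_roundtrip "$quoted")"
printf 'quoted ks argument:  %s\n' "$(grub_squote "$ks_arg")"
```

Comparing the sh round-trip value with /proc/cmdline on a booted system shows exactly which characters grub2 added.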

