Robert Millan wrote:
> A more elegant solution (also may be interesting for security at some point)
> would be for update-grub to hash each file it generates access commands for
> and embed the sum in grub.cfg as a check parameter, like
>
>   if verify_hash /file xxxxx ; then
>     do_something_with_file /file
>   fi
>
> So, if we take for granted those two things:
>
> - That GRUB should never crash no matter what you feed to it.
> - That update-grub instructs GRUB to verify file consistency via hashing.

also?,
- That whenever someone wants to boot a new kernel (or whatever),
  they re-run update-grub. Which definitely doesn't apply if they're
  interactively poking around with the GRUB commandline. But it could be
  a safety check for some cases.

Would it ever make sense to *ask* the user whether to proceed, if the
file is different? (they might have changed the file deliberately!)
But, with that code you mentioned for grub.cfg, I suppose it can be
adjusted to do that, if desired by whoever controls grub.cfg.

-Isaac
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
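
The scheme discussed in this thread, as an added example (not code from the thread or from GRUB): a generator hashes each file and emits the guarded stanza, and a stand-in for the hypothetical verify_hash command replays the check after a kernel is replaced without regenerating the config. Function names, paths and file contents are constructed; sha256sum from coreutils is assumed.

```shell
#!/bin/sh
# Added example. verify_hash is the hypothetical command from the post, not an
# existing GRUB command; paths and file contents below are constructed.

# Generation side (what update-grub would do): hash FILE now and emit a
# grub.cfg stanza that only acts on it if the hash still matches at boot.
emit_guarded_stanza() {   # $1 = file, $2 = command to run on it
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$sum" ] || return 1          # unreadable file: emit nothing
    printf 'if verify_hash %s %s ; then\n  %s %s\nfi\n' "$1" "$sum" "$2" "$1"
}

# Boot side stand-in: 0 = unchanged, 1 = content differs, 2 = unreadable.
verify_hash() {           # $1 = file, $2 = expected sha256 hex
    [ -r "$1" ] || return 2
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Replay every guarded stanza in a generated config and report per file.
check_config() {          # $1 = generated config
    while read -r kw cmd file sum rest; do
        [ "$kw" = if ] && [ "$cmd" = verify_hash ] || continue
        rc=0; verify_hash "$file" "$sum" || rc=$?
        case $rc in
            0) echo "ok $file" ;;
            1) echo "changed $file" ;;
            *) echo "missing $file" ;;
        esac
    done < "$1"
}

# Constructed scenario: the kernel is replaced after the config was generated
# and the generator is not re-run, so only the kernel's embedded sum is stale.
demo() {
    d=$(mktemp -d)
    echo 'kernel build A' > "$d/vmlinuz"
    echo 'initrd A' > "$d/initrd.img"
    { emit_guarded_stanza "$d/vmlinuz" linux
      emit_guarded_stanza "$d/initrd.img" initrd; } > "$d/grub.cfg"
    echo 'kernel build B' > "$d/vmlinuz"
    check_config "$d/grub.cfg" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

The "changed" result is the case the reply asks about: the check cannot tell a deliberate replacement from corruption, so whether to skip, prompt or proceed is a policy decision for whoever controls grub.cfg.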