** Changed in: grub2 (Ubuntu Impish)
Status: Fix Released => Triaged
** Changed in: grub2 (Ubuntu)
Status: Fix Released => Triaged
** Also affects: grub2 (Ubuntu Jammy)
Importance: Undecided
Status: Triaged
--
You received this bug notification because you are a member
So we actually have 0600 at the moment after dropping the patch.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933826
Title:
default file permissions on bootloader configuration
To manage
I am still confused how 400 permission for grub.cfg can work at all.
Depending on the upstream grub version, it either cats things to it, or
moves a new file to it. In both cases, either permissions reset to 600
or write is not allowed at all. Or one has custom/distro/downstream
patched grub that
This bug was fixed in the package grub2 - 2.04-1ubuntu47
---
grub2 (2.04-1ubuntu47) impish; urgency=medium
* Drop grub.cfg-400.patch (LP: #1933826)
 -- Julian Andres Klode Thu, 02 Sep 2021 14:37:43 +0200
** Changed in: grub2 (Ubuntu Impish)
Status: Fix Committed => Fix
** Changed in: grub2 (Ubuntu Impish)
Status: Confirmed => Fix Committed
We currently do chain grub.cfg from ESP to boot partition; can the
password be set in that grub.cfg file instead, which today is outside of
the scope of grub-mkconfig management?
And that grub is protected with restrictive mount options of ESP, see
/boot/efi/EFI/ubuntu/grub.cfg
** Tags added: fr-1491
** Also affects: grub2 (Ubuntu Impish)
Importance: Undecided
Status: Confirmed
** Tags removed: rls-ii-incoming
** Tags added: rls-ii-incoming
A few things to add to this discussion:
> I'd say at the moment bootloader passwords are unsupported as IIRC,
> there are issues with keyboard not working correctly in a bunch of
> places.
Yeah, I think this isn't meant as a true security _control_ (certainly
any matter of physical access yields
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: grub2 (Ubuntu)
Status: New => Confirmed
FWIW, we explicitly ship a patch to make the file world-readable if it
does not contain a password.
From: Colin Watson
Date: Mon, 13 Jan 2014 12:12:55 +
Subject: Make grub.cfg world-readable if it contains no passwords
Patch-Name: grub.cfg-400.patch
---
util/grub-mkconfig.in | 4
1
Fedora doesn't use grub-mkconfig after the initial install, but drops
https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/ files
into directories, so it's not entirely surprising their behavior is
different.
I'd say at the moment bootloader passwords are unsupported as IIRC,
there are
** Summary changed:
- default permissions on bootloader configuration
+ default file permissions on bootloader configuration
** Description changed:
CIS guidance for all distributions suggest securing grub bootloader
- configuration for two purposes:
+ configuration file permissions for two