FWIW, we explicitly ship a patch to make the file world-readable if it does not contain a password.
From: Colin Watson <[email protected]> Date: Mon, 13 Jan 2014 12:12:55 +0000 Subject: Make grub.cfg world-readable if it contains no passwords Patch-Name: grub.cfg-400.patch --- util/grub-mkconfig.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index 9f477ff..45cd4cc 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do esac done +if [ "x${grub_cfg}" != "x" ] && ! grep "^password" ${grub_cfg}.new >/dev/null; then + chmod 444 ${grub_cfg}.new || true +fi -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933826 Title: default file permissions on bootloader configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1933826/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
