FWIW, we explicitly ship a patch to make the file world-readable if it
does not contain a password.

From: Colin Watson <[email protected]>
Date: Mon, 13 Jan 2014 12:12:55 +0000
Subject: Make grub.cfg world-readable if it contains no passwords

Patch-Name: grub.cfg-400.patch
---
 util/grub-mkconfig.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..45cd4cc 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do
   esac
 done
 
+if [ "x${grub_cfg}" != "x" ] && ! grep "^password" ${grub_cfg}.new >/dev/null; 
then
+  chmod 444 ${grub_cfg}.new || true
+fi

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933826

Title:
  default file permissions on bootloader configuration

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1933826/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to