Ubuntu
grub2 package

  1. Impish (21.10)
  2. Bug #1933826
  3. Comment #2

Comment 2 for bug 1933826

Revision history for this message
Julian Andres Klode (juliank) wrote :

FWIW, we explicitly ship a patch to make the file world-readable if it does not contain a password.

From: Colin Watson <email address hidden>
Date: Mon, 13 Jan 2014 12:12:55 +0000
Subject: Make grub.cfg world-readable if it contains no passwords

Patch-Name: grub.cfg-400.patch
---
 util/grub-mkconfig.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..45cd4cc 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do
   esac
 done

+if [ "x${grub_cfg}" != "x" ] && ! grep "^password" ${grub_cfg}.new >/dev/null; then
+ chmod 444 ${grub_cfg}.new || true
+fi