From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Yoshinori K. Okuji"
Organization: enbug.org
To: The development of GRUB 2
Date: Sat, 10 Dec 2005 01:18:10 +0100
Subject: Re: GRUB2 Build on Mac OS X
Message-Id: <200512100118.10596.okuji@enbug.org>
In-Reply-To: <1134085204.2590.50.camel@localhost.localdomain>
References: <200512081925.42374.okuji@enbug.org> <1134085204.2590.50.camel@localhost.localdomain>

On Friday 09 December 2005 12:40 am, Peter Jones wrote:
> Now, the obvious retort to this is that no setuid programs are calling
> grub, so it's not even one of those cases. That's not a good answer
> either. I've got one I'd really *like* to call grub from, and it is
> pm-hibernate, through consolehelper, and they both accept some degree of
> user input from whoever's logged in on the console.
>
> I'd really like to make it so that if somebody has 2 kernels installed,
> boots the non-default one, hibernates their laptop, and unsuspends
> without paying attention, it doesn't die a horrible death. The most
> obvious way to do that is to make pm-hibernate set the next-boot device
> to the currently running one.

I don't agree. Here what you need to use is grub-setdefault but not grub itself. grub-setdefault is just a shell script, so it does not matter whether we use nested functions or not in the C code. I don't see any security concern in GRUB. At least I haven't seen any scenario yet.

I don't say that it is good that GCC generates code to use a stack for executing code, because it is hard to find a bug when buffer overflow happens due to a programming mistake. But I don't think executable stacks are bad *for security* in GRUB.

Okuji
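
The following is an added example, not part of the message above and not GRUB code. On GNU toolchains, a linked ELF file records whether it asks for an executable stack (as code using GCC nested-function trampolines does) in the flags of its PT_GNU_STACK program header. This sketch reads that flag from a little-endian ELF32 or ELF64 image so a build can be checked. The function names and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK 0x6474e551u /* program header that carries stack permissions */
#define PF_X 0x1u                /* execute bit in p_flags */
static uint64_t rd_le(const uint8_t *p, int n) { /* n-byte little-endian read */
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: image requests an executable stack; 0: requests a non-executable one;
   -1: not a parsable little-endian ELF, or no PT_GNU_STACK header present. */
int elf_stack_exec(const uint8_t *img, size_t len) {
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[5] != 1) return -1;
    int is64 = (img[4] == 2);
    if ((!is64 && img[4] != 1) || (is64 && len < 64)) return -1;
    uint64_t phoff = is64 ? rd_le(img + 32, 8) : rd_le(img + 28, 4);
    uint64_t phentsize = rd_le(img + (is64 ? 54 : 42), 2);
    uint64_t phnum = rd_le(img + (is64 ? 56 : 44), 2);
    size_t min_ent = is64 ? 56 : 32, flags_off = is64 ? 4 : 24;
    if (phentsize < min_ent || phoff > len) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < min_ent) return -1; /* truncated table */
        if (rd_le(img + off, 4) == PT_GNU_STACK)
            return (rd_le(img + off + flags_off, 4) & PF_X) ? 1 : 0;
    }
    return -1;
}

/* Constructed sample: minimal ELF32 header plus one PT_GNU_STACK entry. */
size_t make_sample(uint8_t *buf, uint32_t p_flags) {
    memset(buf, 0, 84); memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 1; buf[5] = 1;                  /* ELFCLASS32, little-endian */
    buf[28] = 52; buf[42] = 32; buf[44] = 1; /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        buf[52 + i] = (uint8_t)(PT_GNU_STACK >> (8 * i)); /* p_type */
        buf[76 + i] = (uint8_t)(p_flags >> (8 * i));      /* p_flags */
    }
    return 84;
}

int main(void) {
    uint8_t buf[84];
    printf("RWX: %d\n", elf_stack_exec(buf, make_sample(buf, 0x7)));
    printf("RW:  %d\n", elf_stack_exec(buf, make_sample(buf, 0x6)));
}
```

A result of -1 for a missing header means the loader's platform default applies, so it should be treated as "unknown" rather than as "non-executable".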