From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MkNTP-0001Ku-3P for mharc-grub-devel@gnu.org; Sun, 06 Sep 2009 15:32:27 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MkNTM-0001Kl-Rl for grub-devel@gnu.org; Sun, 06 Sep 2009 15:32:24 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MkNTI-0001KE-DF for grub-devel@gnu.org; Sun, 06 Sep 2009 15:32:24 -0400 Received: from [199.232.76.173] (port=50710 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MkNTI-0001KB-7q for grub-devel@gnu.org; Sun, 06 Sep 2009 15:32:20 -0400 Received: from xvm-190-8.ghst.net ([217.70.190.8]:42381 helo=aybabtu.com) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MkNTH-0000Jw-QF for grub-devel@gnu.org; Sun, 06 Sep 2009 15:32:20 -0400 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1MkNTD-0001ck-AR for grub-devel@gnu.org; Sun, 06 Sep 2009 21:32:15 +0200 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1MkNTC-00013I-Ng for grub-devel@gnu.org; Sun, 06 Sep 2009 21:32:14 +0200 Date: Sun, 6 Sep 2009 21:32:14 +0200 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090906193214.GA4001@thorin> References: <1252240143.3895.18.camel@fz.local> <20090906133818.GI13423@riva.ucam.org> <1252244626.3895.52.camel@fz.local> <20090906135742.GJ13423@riva.ucam.org> <1252249120.3895.53.camel@fz.local> <20090906150921.GE3548@thorin> <1252250254.3895.56.camel@fz.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1252250254.3895.56.camel@fz.local> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: chmod of generated grub.cfg X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Sep 2009 19:32:25 -0000 On Sun, Sep 06, 2009 at 05:17:34PM +0200, Felix Zielcke wrote: > Am Sonntag, den 06.09.2009, 17:09 +0200 schrieb Robert Millan: > > On Sun, Sep 06, 2009 at 04:58:40PM +0200, Felix Zielcke wrote: > > > > > > Ok here's now a patch. > > > Robert do you think this can go into 1.97? > > > > For 1.97 I'd be more comfortable with a simple s/444/400/. An automated check > > smells like it could have corner cases. In fact I found one: > > > > > @@ -260,6 +260,11 @@ for i in ${grub_mkconfig_dir}/* ; do > > > esac > > > done > > > > > > +if [ "x${grub_cfg}" != "x" ] && grep -q "^password " ${grub_cfg}.new ; then > > > + chmod 400 ${grub_cfg}.new || grub_warn "Could not make ${grub_cfg}.new readable by only root.\ > > > + This means your password is readable by everyone" > > > +fi > > > > There's a short time window in which /boot/grub/grub.cfg.new exists, has been > > fully generated, and its mode is 444 rather than 400. An attacker could poll > > this file and with some luck extract a password from it. > > > > Oh right. So how about this? Ok. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."