From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MlopL-0002wX-Mr for mharc-grub-devel@gnu.org; Thu, 10 Sep 2009 14:57:03 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MlopK-0002vI-H7 for grub-devel@gnu.org; Thu, 10 Sep 2009 14:57:02 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MlopG-0002r5-1Z for grub-devel@gnu.org; Thu, 10 Sep 2009 14:57:02 -0400 Received: from [199.232.76.173] (port=59366 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MlopF-0002qt-TQ for grub-devel@gnu.org; Thu, 10 Sep 2009 14:56:57 -0400 Received: from xvm-190-8.ghst.net ([217.70.190.8]:59614 helo=aybabtu.com) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MlopE-0006fE-Kv for grub-devel@gnu.org; Thu, 10 Sep 2009 14:56:57 -0400 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1MlopA-0006ra-Sa for grub-devel@gnu.org; Thu, 10 Sep 2009 20:56:53 +0200 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1MlopA-0004sO-B7 for grub-devel@gnu.org; Thu, 10 Sep 2009 20:56:52 +0200 Date: Thu, 10 Sep 2009 20:56:52 +0200 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090910185652.GA18736@thorin> References: <1252240143.3895.18.camel@fz.local> <20090906133818.GI13423@riva.ucam.org> <20090908144817.GC13674@thorin> <1252421501.2872.5.camel@fz.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1252421501.2872.5.camel@fz.local> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: chmod of generated grub.cfg X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Sep 2009 18:57:02 -0000 On Tue, Sep 08, 2009 at 04:51:41PM +0200, Felix Zielcke wrote: > Am Dienstag, den 08.09.2009, 16:48 +0200 schrieb Robert Millan: > > On Sun, Sep 06, 2009 at 07:22:36PM +0200, Vladimir 'phcoder' Serbinenko wrote: > > > On Sun, Sep 6, 2009 at 3:38 PM, Colin Watson wrote: > > > > On Sun, Sep 06, 2009 at 02:29:03PM +0200, Felix Zielcke wrote: > > > >> Currently grub-mkconfig uses chmod 444 on the newly generated grub.cfg > > > >> Wouldn't it be better to use 400 now that we have plaintext password > > > >> support? > > > >> Or should we add support for a GRUB_CHMOD variable so users can override > > > >> this setting as they please? > > > > > > > > I'd prefer to see this done only if they set a password. A GRUB_CHMOD > > > > variable seems overkill, though. > > > Is there a reason a non-root would like to look at grub.cfg on > > > production system? Developers can always override chmod. If there is > > > no real reason for non-root to look into grub.cfg I would follow the > > > best friend in security considerations called "paranoia" and just use > > > mode 400 > > > > I like the idea of using 0400 right away, for simplicity. > > > > OTOH, world-readable grub.cfg is useful, at least in Debian, because > > reportbug includes this file in bug reports. > > > > But if it's only useful for Debian, we shouldn't let this change our > > agenda (ah, the conflict of wearing two hats...). > > > > So in upstream we change it to 400 + warning and for Debian we use my > last patch? Ok. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."