Re: [PATCH] broken ESC navigation if authentication is used - Vladimir 'φ-coder/phcoder' Serbinenko

From: "Vladimir 'φ-coder/phcoder' Serbinenko" <phcoder@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: [PATCH] broken ESC navigation if authentication is used
Date: Sun, 8 Nov 2015 21:55:32 +0100	[thread overview]
Message-ID: <563FB6C4.1010609@gmail.com> (raw)
In-Reply-To: <20150611065531.47ffab1f@opensuse.site>

[-- Attachment #1: Type: text/plain, Size: 2348 bytes --]

On 11.06.2015 05:55, Andrei Borzenkov wrote:
> В Wed, 10 Jun 2015 21:35:51 +0200
> "Vladimir 'phcoder' Serbinenko" <phcoder@gmail.com> пишет:
> 
>> This patch may allow to escape to shell if menu was called from context
>> without menu entries. This may happen inadvertently I.a. when using
>> configfile. You need to add an additional parameter to indicate whether
>> it's OK to break from menu
> 
> Could you explain? Grub does
> 
> grub_enter_normal
>   grub_normal_execute
>     grub_show_menu
>   grub_cmdline_run
> 
> if after processing config file there are no menu entries we do not
> even call grub_show_menu. And even if we do, after return from it there
> is mandatory authentication in grub_cmdline_run.
> 
Imagine something like following:
grub.cfg:
# Use another config file
configfile grub2.cfg
grub2.cfg:
superusers=root
....
Then pressing escape would lead you to the parent context where there is
no password protection.
Question is whether this is a misconfiguration on grub.cfg side (i.a.
should have been source, not configfile) or something to deal on code side.
> I see how it could happen in original commit when authentication was
> added, but I miss code path that cause it now. 
> 
>> Le 10 juin 2015 21:32, "Andrei Borzenkov" <arvidjaar@gmail.com> a écrit :
>>
>>> В Wed, 10 Jun 2015 18:29:59 +0200
>>> Florian Kaiser <florian_kaiser@genua.de> пишет:
>>>
>>>> Hi,
>>>>
>>>> we are using grub2 with authentication enabled and multiple submenus.
>>>> Unfortunately it is not possible to return to a previous menu with ESC
>>> without
>>>> triggering a superuser password prompt. This is not the desired behavior
>>> in
>>>> my opinion.
>>>> I attached a patch to this email, which removes the password prompt when
>>>> pressing escape.
>>>>
>>>
>>> Looks OK; I'm not sure why this was needed in the first place - it does
>>> not look like it is even possible to exit primary menu.
>>>
>>> Vladimir, OK to commit?
>>>
>>> _______________________________________________
>>> Grub-devel mailing list
>>> Grub-devel@gnu.org
>>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>>
> 
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
> 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]