From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1ZvuDF-0004PX-5I for mharc-grub-devel@gnu.org; Mon, 09 Nov 2015 16:42:53 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60512) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZvuDC-0004P3-Qs for grub-devel@gnu.org; Mon, 09 Nov 2015 16:42:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZvuDB-00044x-Kp for grub-devel@gnu.org; Mon, 09 Nov 2015 16:42:50 -0500 Received: from mail-wm0-x22c.google.com ([2a00:1450:400c:c09::22c]:35397) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZvuDB-00044t-EH for grub-devel@gnu.org; Mon, 09 Nov 2015 16:42:49 -0500 Received: by wmdw130 with SMTP id w130so47365899wmd.0 for ; Mon, 09 Nov 2015 13:42:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type; bh=SRJLDsZC/qr/0FW/KA0iEUr4g5puKUuG5aTz8mwZQcA=; b=qLvjpD+WmV/iUrvoeDGMcMGs83cVM2wh1zlYG4XFLw10plCjSPJc0ycwZaqgrrp84G 8KqoJF29RFESNZ692xO/zURc20bFv3LFYZbqd/Ip058t5OiBA6Qwoq+ZSMeGPhx0mJpu IxCOCiVD0guBUjI0I2hYY84ANex5X2l2dGaaMwFEq9gt3+9mXbdj2R6o9v2OCK/y1TRA CyIB6yV0SCw3E5CcNotO486ljjX1NFeOouXn6WjCyoXwhyV90qOPWKHTgejbnF6h4q2/ dfgOO7Ce5D5wCRtbJ74kJpi8nZVBQVYKo1+Ysxp/aN5a5igLG1kr6ZwaxgyptgP5CrRB D15Q== X-Received: by 10.195.13.135 with SMTP id ey7mr70433wjd.25.1447105368818; Mon, 09 Nov 2015 13:42:48 -0800 (PST) Received: from ?IPv6:2a02:1205:34c8:dc00:863a:4bff:fe50:abc4? ([2a02:1205:34c8:dc00:863a:4bff:fe50:abc4]) by smtp.gmail.com with ESMTPSA id lf10sm44010wjb.23.2015.11.09.13.42.47 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Nov 2015 13:42:47 -0800 (PST) Subject: Re: [PATCH] broken ESC navigation if authentication is used To: The development of GNU GRUB References: <201506101829.59882.florian_kaiser@genua.de> <20150610223152.1c2f2564@opensuse.site> <20150611065531.47ffab1f@opensuse.site> From: =?UTF-8?Q?Vladimir_'=cf=86-coder/phcoder'_Serbinenko?= Message-ID: <563FB6C4.1010609@gmail.com> Date: Sun, 8 Nov 2015 21:55:32 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.3.0 MIME-Version: 1.0 In-Reply-To: <20150611065531.47ffab1f@opensuse.site> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DM3oir6bRqViprJeGQPmIf2SM7vv4DPuD" X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:400c:c09::22c X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Nov 2015 21:42:52 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --DM3oir6bRqViprJeGQPmIf2SM7vv4DPuD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11.06.2015 05:55, Andrei Borzenkov wrote: > =D0=92 Wed, 10 Jun 2015 21:35:51 +0200 > "Vladimir 'phcoder' Serbinenko" =D0=BF=D0=B8=D1=88=D0= =B5=D1=82: >=20 >> This patch may allow to escape to shell if menu was called from contex= t >> without menu entries. This may happen inadvertently I.a. when using >> configfile. You need to add an additional parameter to indicate whethe= r >> it's OK to break from menu >=20 > Could you explain? Grub does >=20 > grub_enter_normal > grub_normal_execute > grub_show_menu > grub_cmdline_run >=20 > if after processing config file there are no menu entries we do not > even call grub_show_menu. And even if we do, after return from it there= > is mandatory authentication in grub_cmdline_run. >=20 Imagine something like following: grub.cfg: # Use another config file configfile grub2.cfg grub2.cfg: superusers=3Droot =2E... Then pressing escape would lead you to the parent context where there is no password protection. Question is whether this is a misconfiguration on grub.cfg side (i.a. should have been source, not configfile) or something to deal on code sid= e. > I see how it could happen in original commit when authentication was > added, but I miss code path that cause it now.=20 >=20 >> Le 10 juin 2015 21:32, "Andrei Borzenkov" a =C3=A9= crit : >> >>> =D0=92 Wed, 10 Jun 2015 18:29:59 +0200 >>> Florian Kaiser =D0=BF=D0=B8=D1=88=D0=B5=D1=82= : >>> >>>> Hi, >>>> >>>> we are using grub2 with authentication enabled and multiple submenus= =2E >>>> Unfortunately it is not possible to return to a previous menu with E= SC >>> without >>>> triggering a superuser password prompt. This is not the desired beha= vior >>> in >>>> my opinion. >>>> I attached a patch to this email, which removes the password prompt = when >>>> pressing escape. >>>> >>> >>> Looks OK; I'm not sure why this was needed in the first place - it do= es >>> not look like it is even possible to exit primary menu. >>> >>> Vladimir, OK to commit? >>> >>> _______________________________________________ >>> Grub-devel mailing list >>> Grub-devel@gnu.org >>> https://lists.gnu.org/mailman/listinfo/grub-devel >>> >=20 >=20 > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >=20 --DM3oir6bRqViprJeGQPmIf2SM7vv4DPuD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREKAAYFAlY/tsUACgkQmBXlbbo5nOu+qAEAnagI9xa8pxP72pvBTSeTpOy+ TpCbouEAarPVcYKa2bcA/2l+DWeOhsweB3YCWLMbQMRYx6hcUNNOq06k80VY9AE7 =lO9b -----END PGP SIGNATURE----- --DM3oir6bRqViprJeGQPmIf2SM7vv4DPuD--