From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1ZwDxz-0006BK-3q for mharc-grub-devel@gnu.org; Tue, 10 Nov 2015 13:48:27 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50141) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZwDxw-0006B8-Rs for grub-devel@gnu.org; Tue, 10 Nov 2015 13:48:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZwDxr-0004yt-PU for grub-devel@gnu.org; Tue, 10 Nov 2015 13:48:24 -0500 Received: from mail-lf0-x234.google.com ([2a00:1450:4010:c07::234]:35239) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZwDxr-0004yk-IZ for grub-devel@gnu.org; Tue, 10 Nov 2015 13:48:19 -0500 Received: by lfdo63 with SMTP id o63so3513385lfd.2 for ; Tue, 10 Nov 2015 10:48:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=N0CKFFJGFzzvJgU9TJJyif6LeTP+hhUq/QKWgnPt6aM=; b=jvErCW+oibDnJLeqJBivpu2EqKxOusSq5bqlBlzI9SPrQw1KtM2MsK8Lx5vB2/zB/d iU+qv1ZZmT6/MG2JufC7C97PWX0zVxZcJma2m3bD3+KyXF2WRfrtikZ+c+Fthm1mSDT/ qaR1bI1VO4vfn9Xybs6/cbepqqGHUPQUFXkKqCmcv/94Vwc8siKDg/YyD7JK1rhGv5Yu EHf6+DruCLbFUBu3J0eR3beGJ2u6RLbvVypleXCxJKwlV4CtHvCKP7yeLbCRPHiqbqeM NtlHrkvHQHotM6tj23s7c5GgdDQJVVc22oChwLmQdsU1zIjKe0qJDhlNBLq+VJzVc2KS St7A== X-Received: by 10.25.87.71 with SMTP id l68mr2404835lfb.97.1447181298735; Tue, 10 Nov 2015 10:48:18 -0800 (PST) Received: from [192.168.1.41] (ppp91-76-25-247.pppoe.mtu-net.ru. [91.76.25.247]) by smtp.gmail.com with ESMTPSA id 200sm753771lfz.48.2015.11.10.10.48.17 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Nov 2015 10:48:17 -0800 (PST) Subject: Escape to CLI (was: Re: [PATCH] broken ESC navigation if authentication is used) To: The development of GNU GRUB References: <201506101829.59882.florian_kaiser@genua.de> From: Andrei Borzenkov Message-ID: <56423BF0.1020600@gmail.com> Date: Tue, 10 Nov 2015 21:48:16 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <201506101829.59882.florian_kaiser@genua.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:4010:c07::234 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2015 18:48:25 -0000 10.06.2015 19:29, Florian Kaiser пишет: > Hi, > > we are using grub2 with authentication enabled and multiple submenus. > Unfortunately it is not possible to return to a previous menu with ESC without > triggering a superuser password prompt. This is not the desired behavior in > my opinion. > I attached a patch to this email, which removes the password prompt when > pressing escape. > Actually I could not even reproduce it at first. The problem is, new submenu opens new context and unless `superusers' is exported as soon as we enter submenu no authentication is required at all (including entering CLI). I am not sure whether this is intentional, but this is definitely unexpected. And due to complete lack of description of variable scoping in GRUB it is also undocumented. Options are - simply document variable scoping and mention it in authentication description - propagate superusers to submenus, rely on normal export in nested config. Still needs documentation what export actually does. - export superusers by default and document it in description.