[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chmod of generated grub.cfg

From: Robert Millan
Subject: Re: chmod of generated grub.cfg
Date: Sun, 6 Sep 2009 17:09:21 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

On Sun, Sep 06, 2009 at 04:58:40PM +0200, Felix Zielcke wrote:
> Ok here's now a patch.
> Robert do you think this can go into 1.97?

For 1.97 I'd be more comfortable with a simple s/444/400/.  An automated check
smells like it could have corner cases.  In fact I found one:

> @@ -260,6 +260,11 @@ for i in ${grub_mkconfig_dir}/* ; do
>    esac
>  done
> +if [ "x${grub_cfg}" != "x" ] && grep -q "^password " ${grub_cfg}.new ; then
> +  chmod 400 ${grub_cfg}.new || grub_warn "Could not make ${grub_cfg}.new 
> readable by only root.\
> +  This means your password is readable by everyone"
> +fi

There's a short time window in which /boot/grub/ exists, has been
fully generated, and its mode is 444 rather than 400.  An attacker could poll
this file and with some luck extract a password from it.

Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."

reply via email to

[Prev in Thread] Current Thread [Next in Thread]