grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] broken ESC navigation if authentication is used

From: Andrei Borzenkov
Subject: Re: [PATCH] broken ESC navigation if authentication is used
Date: Tue, 10 Nov 2015 10:52:00 +0300 
On Sun, Nov 8, 2015 at 11:55 PM, Vladimir 'φ-coder/phcoder' Serbinenko
<address@hidden> wrote:
> On 11.06.2015 05:55, Andrei Borzenkov wrote:
>> В Wed, 10 Jun 2015 21:35:51 +0200
>> "Vladimir 'phcoder' Serbinenko" <address@hidden> пишет:
>>
>>> This patch may allow to escape to shell if menu was called from context
>>> without menu entries. This may happen inadvertently I.a. when using
>>> configfile. You need to add an additional parameter to indicate whether
>>> it's OK to break from menu
>>
>> Could you explain? Grub does
>>
>> grub_enter_normal
>>   grub_normal_execute
>>     grub_show_menu
>>   grub_cmdline_run
>>
>> if after processing config file there are no menu entries we do not
>> even call grub_show_menu. And even if we do, after return from it there
>> is mandatory authentication in grub_cmdline_run.
>>
> Imagine something like following:
> grub.cfg:
> # Use another config file
> configfile grub2.cfg
> grub2.cfg:
> superusers=root
> ....
> Then pressing escape would lead you to the parent context where there is
> no password protection.
> Question is whether this is a misconfiguration on grub.cfg side (i.a.
> should have been source, not configfile) or something to deal on code side.

We already have "nested" argument. We probably can convert this into
enum or bit field to differentiate between new scope
(normal/configfile) or submenu. Does it sound sane?

>> I see how it could happen in original commit when authentication was
>> added, but I miss code path that cause it now.
>>
>>> Le 10 juin 2015 21:32, "Andrei Borzenkov" <address@hidden> a écrit :
>>>
>>>> В Wed, 10 Jun 2015 18:29:59 +0200
>>>> Florian Kaiser <address@hidden> пишет:
>>>>
>>>>> Hi,
>>>>>
>>>>> we are using grub2 with authentication enabled and multiple submenus.
>>>>> Unfortunately it is not possible to return to a previous menu with ESC
>>>> without
>>>>> triggering a superuser password prompt. This is not the desired behavior
>>>> in
>>>>> my opinion.
>>>>> I attached a patch to this email, which removes the password prompt when
>>>>> pressing escape.
>>>>>
>>>>
>>>> Looks OK; I'm not sure why this was needed in the first place - it does
>>>> not look like it is even possible to exit primary menu.
>>>>
>>>> Vladimir, OK to commit?
>>>>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]