Re: chmod of generated grub.cfg

[Robert Millan]

On Sun, Sep 06, 2009 at 05:17:34PM +0200, Felix Zielcke wrote:
> Am Sonntag, den 06.09.2009, 17:09 +0200 schrieb Robert Millan:
> > On Sun, Sep 06, 2009 at 04:58:40PM +0200, Felix Zielcke wrote:
> > > 
> > > Ok here's now a patch.
> > > Robert do you think this can go into 1.97?
> > 
> > For 1.97 I'd be more comfortable with a simple s/444/400/.  An automated 
> > check
> > smells like it could have corner cases.  In fact I found one:
> > 
> > > @@ -260,6 +260,11 @@ for i in ${grub_mkconfig_dir}/* ; do
> > >    esac
> > >  done
> > >  
> > > +if [ "x${grub_cfg}" != "x" ] && grep -q "^password " ${grub_cfg}.new ; 
> > > then
> > > +  chmod 400 ${grub_cfg}.new || grub_warn "Could not make ${grub_cfg}.new 
> > > readable by only root.\
> > > +  This means your password is readable by everyone"
> > > +fi
> > 
> > There's a short time window in which /boot/grub/grub.cfg.new exists, has 
> > been
> > fully generated, and its mode is 444 rather than 400.  An attacker could 
> > poll
> > this file and with some luck extract a password from it.
> > 
> 
> Oh right. So how about this?

Ok.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."