On Sun, Sep 6, 2009 at 12:22 PM, Vladimir 'phcoder' Serbinenko<phco...@gmail.com> wrote: > On Sun, Sep 6, 2009 at 3:38 PM, Colin Watson<cjwat...@ubuntu.com> wrote: >> On Sun, Sep 06, 2009 at 02:29:03PM +0200, Felix Zielcke wrote: >>> Currently grub-mkconfig uses chmod 444 on the newly generated grub.cfg >>> Wouldn't it be better to use 400 now that we have plaintext password >>> support? >>> Or should we add support for a GRUB_CHMOD variable so users can override >>> this setting as they please? >> >> I'd prefer to see this done only if they set a password. A GRUB_CHMOD >> variable seems overkill, though. > Is there a reason a non-root would like to look at grub.cfg on > production system? Developers can always override chmod. If there is > no real reason for non-root to look into grub.cfg I would follow the > best friend in security considerations called "paranoia" and just use > mode 400
Shouldn't it be u+rw anyway, or 0600 ? _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
