registry team mailing list archive

Thread
Date

[Bug 248843] Re: grub config file should not be world readable

To: registry@xxxxxxxxxxxxxxxxxxx
From: Phillip Susi <psusi@xxxxxxxxxx>
Date: Mon, 01 Nov 2010 18:17:55 -0000
Reply-to: Bug 248843 <248843@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Summary changed:

- /boot/grub/menu.lst permissions should be 0660 or less
+ grub config file should not be world readable

** Description changed:

  Binary package hint: grub
  
  tiger emits these two notices:
- # --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600 
+ # --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
  # --FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world permissions. Should be 0600
  
  I'm inclined to agree that menu.lst should not be world-readable to
  protect the (optional) password hash there-in from dictionary cracking
  attempts. This should be fixed in grub.
  
  I see no reason to worry about it having root group access. This should
  be fixed in tiger.
+ 
+ Grub2's /boot/grub/grub.cfg also is world readable.

** Changed in: grub2 (Ubuntu)
   Importance: Medium => Wishlist

-- 
grub config file should not be world readable
https://bugs.launchpad.net/bugs/248843
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Tiger.