registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #26207
[Bug 248843] Re: grub config file should not be world readable
** Summary changed:
- /boot/grub/menu.lst permissions should be 0660 or less
+ grub config file should not be world readable
** Description changed:
Binary package hint: grub
tiger emits these two notices:
- # --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
+ # --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
# --FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world permissions. Should be 0600
I'm inclined to agree that menu.lst should not be world-readable to
protect the (optional) password hash there-in from dictionary cracking
attempts. This should be fixed in grub.
I see no reason to worry about it having root group access. This should
be fixed in tiger.
+
+ Grub2's /boot/grub/grub.cfg also is world readable.
** Changed in: grub2 (Ubuntu)
Importance: Medium => Wishlist
--
grub config file should not be world readable
https://bugs.launchpad.net/bugs/248843
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Tiger.