blob: 2f1c304a6b6617c697beebf13b4f458bb35fcb98 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
From 2f1be2e80ba5dd1278401f21cfe07526312838e9 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 13 Jan 2014 12:12:55 +0000
Subject: Make grub.cfg world-readable if it contains no passwords
Patch-Name: grub.cfg-400.patch
---
util/grub-mkconfig.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index f8cbb8d7a..0fd618e35 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -289,6 +289,10 @@ for i in "${grub_mkconfig_dir}"/* ; do
esac
done
+if [ "x${grub_cfg}" != "x" ] && ! grep "^password" ${grub_cfg}.new >/dev/null; then
+ chmod 444 ${grub_cfg}.new || true
+fi
+
if test "x${grub_cfg}" != "x" ; then
if ! ${grub_script_check} ${grub_cfg}.new; then
# TRANSLATORS: %s is replaced by filename
|
