grub config file should not be world readable
Bug #248843 reported by
Richard Laager
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub2 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
tiger (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: grub
tiger emits these two notices:
# --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
# --FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world permissions. Should be 0600
I'm inclined to agree that menu.lst should not be world-readable to protect the (optional) password hash there-in from dictionary cracking attempts. This should be fixed in grub.
I see no reason to worry about it having root group access. This should be fixed in tiger.
Grub2's /boot/grub/grub.cfg also is world readable.
summary: |
- /boot/grub/menu.lst permissions should be 0660 or less + grub config file should not be world readable |
description: | updated |
Changed in grub2 (Ubuntu): | |
importance: | Medium → Wishlist |
To post a comment you must log in.
Thanks for reporting this bug.
I confirm in Ubuntu 8.04 and tiger 1:3.2.2
I agree that the file should be 0600, but 0660 is not a problem (as 0640) as long as the group owner is root.
At this moment, /boot/grub/menu.lst is 0644.
So, two actions, if people agree about it:
-> change the rights on Ubuntu grub file
-> change tiger detection an make it more accurate.