* util/grub-mkconfig.in: Use umask rather than chmod to create

grub.cfg.new to avoid insecure grub.cfg.
2012-02-03 12:15:53 +01:00 · 2012-02-03 12:15:53 +01:00 · 055f856f71
parent 4a9f8346c9
commit 055f856f71
2 changed files with 9 additions and 7 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2012-02-03  Mark Wooding <mdw@distorted.org.uk>
+
+	* util/grub-mkconfig.in: Use umask rather than chmod to create
+	grub.cfg.new to avoid insecure grub.cfg.
+
 2012-02-03  Vladimir Serbinenko  <phcoder@gmail.com>

        * grub-core/commands/ls.c: Gettextize.
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@ -248,13 +248,10 @@ export GRUB_DEFAULT \
  GRUB_BADRAM

 if test "x${grub_cfg}" != "x"; then
-  rm -f ${grub_cfg}.new
-  exec > ${grub_cfg}.new
-
-  # Allow this to fail, since /boot/grub/ might need to be fatfs to support some
-  # firmware implementations (e.g. OFW or EFI).
-  chmod 400 ${grub_cfg}.new || grub_warn "$(gettext_printf "Could not make %s \
-readable by only root. This means that if the generated config contains a password it is readable by everyone" "${grub_cfg}.new")"
+  rm -f "${grub_cfg}.new"
+  oldumask=$(umask); umask 077
+  exec > "${grub_cfg}.new"
+  umask $oldumask
 fi
 gettext "Generating grub.cfg ..." >&2
 echo >&2