Bug#358651: update-grub: make menu.lst world-readable (security?)
Ross Boylan
ross at biostat.ucsf.edu
Thu Mar 23 18:15:14 UTC 2006
Package: grub
Version: 0.97-5
Severity: normal
I created a grub installation with update-grub, and got the following
report from tiger:
# Verifying system specific password checks...
NEW: --FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world permissions. Should be 0600
NEW: --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
NEW: --WARN-- [boot06] The Grub bootloader does not have a password configured.
All the entries in /boot/grub are world-readable. The explanation is
# tigexp boot02
The grub configuration file (/boot/grub/grub.conf) should have permissions
limiting access to only the owner (usually root).
I'm guessing this is because it may have passwords in it; nothing in
my menu.lst looks sensitive.
If you think the current permissions are appropriate, please reassign
this bug to tiger.
Thanks.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages grub depends on:
ii libc6 2.3.6-3 GNU C Library: Shared libraries an
ii libncurses5 5.5-1 Shared libraries for terminal hand
grub recommends no packages.
-- no debconf information
More information about the Pkg-grub-devel
mailing list