Bug#432159: update-grub tries to execute directories
Trent Buck
trentbuck at gmail.com
Sun Jul 8 01:30:07 UTC 2007
Package: grub-pc
Version: 1.95+20070626-1
Severity: minor
File: /usr/sbin/update-grub
Tags: patch
update-grub does not sufficiently validate the contents of /etc/grub.d:
| $ sudo update-grub
| Updating /boot/grub/grub.cfg ...
| Found linux image: /boot/vmlinuz-2.6.21-2-amd64
| Found initrd image: /boot/initrd.img-2.6.21-2-amd64
| Found linux image: /boot/vmlinuz-2.6.21-1-amd64
| Found initrd image: /boot/initrd.img-2.6.21-1-amd64
| /usr/sbin/update-grub: 157: /etc/grub.d/RCS: Permission denied
The following patch addresses this issue. It also corrects a number
of cases of inadequate quotation.
| diff -ud -L /sudo::/usr/sbin/update-grub -L /tmp/buffer-content-24924eej /tmp/tramp.24924rop /tmp/buffer-content-24924eej
| --- /sudo::/usr/sbin/update-grub
| +++ /tmp/buffer-content-24924eej
| @@ -141,15 +141,15 @@
| #
| EOF
|
| -for i in ${update_grub_dir}/* ; do
| - case $i in
| +for i in "${update_grub_dir}"/* ; do
| + case "$i" in
| # emacsen backup files. FIXME: support other editors
| *~) ;;
| *)
| - if test -x $i ; then
| + if test -x "$i" -a -f "$i" ; then
| echo
| echo "### BEGIN $i ###"
| - $i
| + "$i"
| echo "### END $i ###"
| fi
| ;;
|
| Diff finished. Sun Jul 8 11:26:01 2007
More information about the Pkg-grub-devel
mailing list