Bug#708181: Workaround

Francesco Poli invernomuto at paranoici.org
Sun Jan 19 22:36:17 UTC 2014 

Control: tags -1 + patch


On Sat, 11 Jan 2014 17:34:50 +0100 Kim Rydhof Thor Hansen wrote:

> I was also bitten by this bug, the problem it that the default
> behaviour for menus with no security defined has changed from being
> unrestricted to being restricted if some users are defined.
> 
> My workaround is to make the "Simple" default selection unrestricted like this:
[...]

I prepared a more general patch (against grub2/2.00-22) that lets the
user add options to the simple menu entry and to the advanced submenu
and menu entries.

With these modifications, the user may set both GRUB_SIMPLEMENU_OPTS
and GRUB_ADVANCEDMENU_OPTS to "--unrestricted" and get the following
result, when superusers are defined with passwords:

  • anyone may select the simple boot option, without having to type
passwords

  • anyone may enter the advanced submenu and select any advanced boot
option, without having to type passwords

  • editing the boot parameters (hitting [e]) is restricted and
requires to type a valid superuser+password pair

In other words, it is possible to obtain the previous behavior.


Dear GRUB Maintainers, the patch is attached to this message: I think
it is below the copyright threshold, hence you should be able to apply
it without needing any license from me.
Should this turn out to not be the case, please consider my patch
released under the same terms as the modified files (that is to say,
under the terms of the GNU GPL version 3 or later).

Please apply my patch.
Thanks for your time!

Bye.


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: grub_menu_opts.diff.gz
Type: application/octet-stream
Size: 1012 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20140119/559d167b/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20140119/559d167b/attachment.sig>

More information about the Pkg-grub-devel mailing list