William Hubbs posted on Sun, 09 Oct 2016 11:05:43 -0500 as excerpted: > On Sun, Oct 09, 2016 at 03:45:11AM +0100, M. J. Everitt wrote: >> On 09/10/16 00:57, Ben Kohler wrote: >> > >> > >> > On Sat, Oct 8, 2016 at 9:28 AM, Tom H <tomh0...@gmail.com >> > <mailto:tomh0...@gmail.com>> wrote: >> > >> > On Tue, Oct 4, 2016 at 11:34 PM, William Hubbs >> > <willi...@gentoo.org <mailto:willi...@gentoo.org>> wrote: >> > > >> > > You don't have to use grub-mkconfig. You can write >> > > /boot/grub/grub.cfg by hand if you want >> > >> > If you write "/boot/grub/grub.cfg" by hand and run grub-mkconfig >> > by mistake, you'll wipe out your config. It's safer to write it >> > to "/etc/grub.d/40_custom" and "chmod -x" the other files in >> > "/etc/grub.d/". >> > >> > Well "grub2-mkconfig" by itself doesn't write anywhere unless you >> > pass a -o parameter. If you are "accidentally" running >> > "grub2-mkconfig -o /boot/grub/grub.cfg" and it catches you by >> > surprise that /boot/grub/grub.cfg is overwritten, you have bigger >> > problems. >> > >> > Let's not make up problems where there are none. >> > >> +1 > > +1000
What I was worried most about was some so-called "helper" app deciding it could run grub-mkconfig for me. Anyway, the functionality isn't going to be used, so best security practices say the executable shouldn't even be on the system. If it's not there, it can't be run, a great solution to both the above. =:^) Tho the point that it needs a -o parameter to write somewhere is a good one as well, certainly ameliorating the problem to some extent. =:^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
