On 11.06.2015 05:55, Andrei Borzenkov wrote: > В Wed, 10 Jun 2015 21:35:51 +0200 > "Vladimir 'phcoder' Serbinenko" <phco...@gmail.com> пишет: > >> This patch may allow to escape to shell if menu was called from context >> without menu entries. This may happen inadvertently I.a. when using >> configfile. You need to add an additional parameter to indicate whether >> it's OK to break from menu > > Could you explain? Grub does > > grub_enter_normal > grub_normal_execute > grub_show_menu > grub_cmdline_run > > if after processing config file there are no menu entries we do not > even call grub_show_menu. And even if we do, after return from it there > is mandatory authentication in grub_cmdline_run. > Imagine something like following: grub.cfg: # Use another config file configfile grub2.cfg grub2.cfg: superusers=root .... Then pressing escape would lead you to the parent context where there is no password protection. Question is whether this is a misconfiguration on grub.cfg side (i.a. should have been source, not configfile) or something to deal on code side. > I see how it could happen in original commit when authentication was > added, but I miss code path that cause it now. > >> Le 10 juin 2015 21:32, "Andrei Borzenkov" <arvidj...@gmail.com> a écrit : >> >>> В Wed, 10 Jun 2015 18:29:59 +0200 >>> Florian Kaiser <florian_kai...@genua.de> пишет: >>> >>>> Hi, >>>> >>>> we are using grub2 with authentication enabled and multiple submenus. >>>> Unfortunately it is not possible to return to a previous menu with ESC >>> without >>>> triggering a superuser password prompt. This is not the desired behavior >>> in >>>> my opinion. >>>> I attached a patch to this email, which removes the password prompt when >>>> pressing escape. >>>> >>> >>> Looks OK; I'm not sure why this was needed in the first place - it does >>> not look like it is even possible to exit primary menu. >>> >>> Vladimir, OK to commit? >>> >>> _______________________________________________ >>> Grub-devel mailing list >>> Grub-devel@gnu.org >>> https://lists.gnu.org/mailman/listinfo/grub-devel >>> > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel