On 11.06.2015 05:55, Andrei Borzenkov wrote:
В Wed, 10 Jun 2015 21:35:51 +0200
"Vladimir 'phcoder' Serbinenko" <address@hidden> пишет:
This patch may allow to escape to shell if menu was called from context
without menu entries. This may happen inadvertently I.a. when using
configfile. You need to add an additional parameter to indicate whether
it's OK to break from menu
Could you explain? Grub does
grub_enter_normal
grub_normal_execute
grub_show_menu
grub_cmdline_run
if after processing config file there are no menu entries we do not
even call grub_show_menu. And even if we do, after return from it there
is mandatory authentication in grub_cmdline_run.
Imagine something like following:
grub.cfg:
# Use another config file
configfile grub2.cfg
grub2.cfg:
superusers=root
....
Then pressing escape would lead you to the parent context where there is
no password protection.
Question is whether this is a misconfiguration on grub.cfg side (i.a.
should have been source, not configfile) or something to deal on code side.
submenu-auth.diff