|
|
d9d99f |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
d9d99f |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
d9d99f |
Date: Wed, 21 Nov 2018 15:38:50 +0100
|
|
|
d9d99f |
Subject: [PATCH] blscfg: expand grub_users before passing to
|
|
|
d9d99f |
grub_normal_add_menu_entry()
|
|
|
d9d99f |
|
|
|
d9d99f |
The "grub_users" field from the BLS snippet file is used to specifcy the
|
|
|
d9d99f |
users that are allowed to execute a given menu entry if the "superusers"
|
|
|
d9d99f |
environment variable is set.
|
|
|
d9d99f |
|
|
|
d9d99f |
If the "grub_users" isn't set, the menu entry is unrestricted and it can
|
|
|
d9d99f |
be executed without any authentication and if is set then only the users
|
|
|
d9d99f |
defined in "grub_users" can execute the menu entry after authentication.
|
|
|
d9d99f |
|
|
|
d9d99f |
But this field can contain an environment variable so has to be expanded
|
|
|
d9d99f |
or otherwise grub2 will wrongly assume that the user is "$var", and will
|
|
|
d9d99f |
populate a menu entry that it's resctrited even when "$var" isn't set.
|
|
|
d9d99f |
|
|
|
d9d99f |
Resolves: rhbz#1650706
|
|
|
d9d99f |
|
|
|
d9d99f |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
d9d99f |
---
|
|
|
d9d99f |
grub-core/commands/blscfg.c | 2 +-
|
|
|
d9d99f |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
d9d99f |
|
|
|
d9d99f |
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
|
|
|
d9d99f |
index 42892cbfd55..c432c6ba27a 100644
|
|
|
d9d99f |
--- a/grub-core/commands/blscfg.c
|
|
|
d9d99f |
+++ b/grub-core/commands/blscfg.c
|
|
|
d9d99f |
@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
|
|
|
d9d99f |
initrds = bls_make_list (entry, "initrd", NULL);
|
|
|
d9d99f |
|
|
|
d9d99f |
hotkey = bls_get_val (entry, "grub_hotkey", NULL);
|
|
|
d9d99f |
- users = bls_get_val (entry, "grub_users", NULL);
|
|
|
d9d99f |
+ users = expand_val (bls_get_val (entry, "grub_users", NULL));
|
|
|
d9d99f |
classes = bls_make_list (entry, "grub_class", NULL);
|
|
|
d9d99f |
args = bls_make_list (entry, "grub_arg", &argc);
|
|
|
d9d99f |
|