[packages/grub2] Don't allow anyone else to read these configs (they can contain passwords)
arekm
arekm at pld-linux.org
Wed Jul 12 10:46:08 CEST 2023
commit ea60f32bf89f486d931b4a0eb1affd524d6e9787
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Jul 12 09:34:43 2023 +0200
Don't allow anyone else to read these configs (they can contain passwords)
grub2.spec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/grub2.spec b/grub2.spec
index 31380d3..9a301f9 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -745,8 +745,8 @@ fi
# XXX: check this locale dir location and if it is neccesaary to exist on /boot
%dir %{_libexecdir}/locale
-%config(noreplace) %verify(not md5 mtime size) %{_grubdir}/grub.cfg
-%config(noreplace) %verify(not md5 mtime size) %{_grubdir}/custom.cfg
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_grubdir}/grub.cfg
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_grubdir}/custom.cfg
# generated by grub at runtime
%ghost %{_grubdir}/device.map
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/grub2.git/commitdiff/ea60f32bf89f486d931b4a0eb1affd524d6e9787
More information about the pld-cvs-commit
mailing list