grub2/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch

39 lines
1.6 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 21 Nov 2018 15:38:50 +0100
Subject: [PATCH] blscfg: expand grub_users before passing to
grub_normal_add_menu_entry()
The "grub_users" field from the BLS snippet file is used to specifcy the
users that are allowed to execute a given menu entry if the "superusers"
environment variable is set.
If the "grub_users" isn't set, the menu entry is unrestricted and it can
be executed without any authentication and if is set then only the users
defined in "grub_users" can execute the menu entry after authentication.
But this field can contain an environment variable so has to be expanded
or otherwise grub2 will wrongly assume that the user is "$var", and will
populate a menu entry that it's resctrited even when "$var" isn't set.
Resolves: rhbz#1650706
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/commands/blscfg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 42892cbfd..c432c6ba2 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
initrds = bls_make_list (entry, "initrd", NULL);
hotkey = bls_get_val (entry, "grub_hotkey", NULL);
- users = bls_get_val (entry, "grub_users", NULL);
+ users = expand_val (bls_get_val (entry, "grub_users", NULL));
classes = bls_make_list (entry, "grub_class", NULL);
args = bls_make_list (entry, "grub_arg", &argc);