Comment 7 for bug 1881006

Steve Langasek (vorlon) wrote : Re: [Bug 1881006] Re: Incorrect ESP mount options

On Fri, Jan 22, 2021 at 07:31:59PM -0000, Marc Deslauriers wrote:
> > But I think that files on the ESP should be world-readable by default,
> > so umask=0077 is also wrong.

> Is there a particular reason you think they should?

> While I have no concrete example of something on the ESP that would
> expose information to users, I can't think of any reason users should
> have access to it either. I think 0077 is a reasonable default, unless
> we can come up with a specific use-case where it needs to be world-readable.

On Fri, Jan 22, 2021 at 06:26:12PM -0000, Dimitri John Ledkov wrote:
> > But I think that files on the ESP should be world-readable by default

> Why are kernel images not world-readable? and are 600?

> I would have thought that the same reasons as to why kernel images are
> 600, applies to shim and grub too.

The default behavior of system files in Ubuntu is for them to be
world-readable. There is an exception for the kernel images specifically
because exposing the details of the image can be used to construct an attack
against the running kernel in memory.

This doesn't substantially hold true for the EFI executables on the ESP;
while shim leaves an EFI protocol in memory that could be attacked, it is
discoverable via standard EFI calls and there's not anything particular in
the way of memory layout that one learns from access to the shim.efi on disk
that makes an attack more effective.

So the tradeoff for security vs user introspectability/debuggability is
different for shim than for kernels.

--
Steve Langasek                 Give me a lever long enough and a Free OS
Debian Developer               to set it on, and I can move the world.
Ubuntu Developer               https://www.debian.org/
<email address hidden>         <email address hidden>
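As an added illustration that is not part of this bug thread: a small POSIX shell script that derives the file and directory modes a vfat ESP will present from the umask/fmask/dmask mount options of an /etc/fstab entry, so one can see whether a given option set (such as the umask=0077 under discussion) leaves shim and grub world-readable. The fstab line and its UUID are constructed samples, and the fallback of 0022 when no umask option is given is an assumption, since the kernel actually inherits the mounting process's umask.

```shell
#!/bin/sh
# Added example, not code from the bug thread.  Given the option column of a
# vfat /etc/fstab entry, compute the permission bits the kernel will present
# for files and directories on the ESP and say whether files are world-readable.
# vfat semantics assumed: mode = 0777 & ~mask; fmask/dmask default to umask.
# ASSUMPTION: umask falls back to 0022 when no umask= option is given (the
# kernel really inherits the mounting process's umask, usually 0022).

# esp_modes OPTIONS  ->  "file=<octal> dir=<octal> world_readable=<yes|no>"
esp_modes() {
    umask_v=0022 fmask_v='' dmask_v=''
    # Walk the comma-separated option list; later options override earlier ones.
    old_ifs=$IFS; IFS=','
    for o in $1; do
        case $o in
            umask=*) umask_v=${o#umask=} ;;
            fmask=*) fmask_v=${o#fmask=} ;;
            dmask=*) dmask_v=${o#dmask=} ;;
        esac
    done
    IFS=$old_ifs
    [ -n "$fmask_v" ] || fmask_v=$umask_v
    [ -n "$dmask_v" ] || dmask_v=$umask_v
    # A leading 0 makes the shell treat the value as octal, as mount(8) does.
    fmode=$(( 0777 & ~0$fmask_v ))
    dmode=$(( 0777 & ~0$dmask_v ))
    if [ $(( fmode & 04 )) -ne 0 ]; then wr=yes; else wr=no; fi
    printf 'file=%04o dir=%04o world_readable=%s\n' "$fmode" "$dmode" "$wr"
}

# esp_check FSTAB_TEXT  ->  report for the /boot/efi entry found in the text
esp_check() {
    printf '%s\n' "$1" | while read -r dev mnt fstype opts rest; do
        case $dev in ''|\#*) continue ;; esac      # skip blanks and comments
        [ "$mnt" = /boot/efi ] || continue
        esp_modes "$opts"
    done
}

# Constructed sample fstab (the UUID is a placeholder) using the 0077 option
# the thread discusses.
SAMPLE_FSTAB='# constructed sample /etc/fstab
UUID=XXXX-XXXX  /boot/efi  vfat  umask=0077  0  1'

esp_check "$SAMPLE_FSTAB"
esp_modes 'umask=0022'
esp_modes 'fmask=0133,dmask=0022'
```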