Bootctl install' outputs warning of random seed file world accessible

remgee · October 21, 2023, 8:31pm

Hi guys,

I got 2 warnings during installing my bootloader of;
‘mount point /boot/efi is world accessible which is a security hole!’
‘random seed file /boot/efi/loader/… is world accessible which is a security hole!’

I require some help, I’ve found the answer in the thread below but I need some clarity in the procedures.
Do I understand correctly that I must arch-chroot into my system from an ISO, change the permissions of the two files that are world accessible, then also do something in the /etc/fstab file to make it persistent? then unmount and reload my system?
And do I have to refresh bootctl again?

https://forum.endeavouros.com/t/bootctl-install-outputs-some-warnings-about-efi-mount-point-and-random-seed-file-in-the-terminal/43991/10

Kind regards and thanks in advance!

pebcak · October 21, 2023, 8:45pm

It is enough to do “something” in /etc/fstab.‘’

Edit your fstab as root, for example:

sudo nano /etc/fstab

and add

fmask=0137,dmask=0027

to the options.

That’s it!

remgee · October 22, 2023, 5:08am

It appears the options had already been placed but with slightly different permissions: fmask=-0022, dmask=0022.

Thank you very much pebcak, I hope you acidentally find a $50 note on the floor on your travels

pebcak · October 22, 2023, 6:23am

You are welcome!
Keeping my eyes wide open. Today may be my lucky day.

system · October 24, 2023, 6:24am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.