Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

From:	Andrey Borzenkov
Subject:	Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Date:	Thu, 19 Sep 2013 14:12:22 +0400

В Mon, 9 Sep 2013 08:34:10 -0700
Jonathan McCune <address@hidden> пишет:

> 
> > Now if you could come up with solution that maintains compatibility
> > with existing grub.cfg, that would be valid reason. But right now
> > grub.cfg must be changed anyway at which point just save untrusted
> > variables separately from trusted.
> >
> >
> I don't think my changes break compatibility with anybody's existing
> grub.cfg.  Can you be more specific?
> 

Currently grub.cfg loads all variables from environment block. Your
change would require changing it to load only whitelisted variables.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c, Jon McCune, 2013/09/06
- [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jon McCune, 2013/09/06
  - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/07
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/09
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov <=
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Vladimir 'φ-coder/phcoder' Serbinenko, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
- [PATCH v2 3/5] save_env should work, even if check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jon McCune, 2013/09/06
  - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jonathan McCune, 2013/09/06
- [PATCH v2 5/5] Additional security-relevant documentation, Jon McCune, 2013/09/06

Prev by Date: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Next by Date: Re: grub as option rom
Previous by thread: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Next by thread: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Index(es):
- Date
- Thread