Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

From:	Vladimir 'φ-coder/phcoder' Serbinenko
Subject:	Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Date:	Thu, 19 Sep 2013 09:18:55 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8

On 07.09.2013 11:33, Andrey Borzenkov wrote:
> So just use another environment block for untrusted variables, that's
> all. I do not see why any change in sources is required.
Trouble is that right now we unconditionally load all variables from
block, whether trusted or not. So by modifying untrusted but loaded
block you can override core variables i.a. check_signatures. That's why
some ability to filter is required.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c, Jon McCune, 2013/09/06
- [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jon McCune, 2013/09/06
  - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/07
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/09
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Vladimir 'φ-coder/phcoder' Serbinenko <=
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
- [PATCH v2 3/5] save_env should work, even if check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jon McCune, 2013/09/06
  - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jonathan McCune, 2013/09/06
- [PATCH v2 5/5] Additional security-relevant documentation, Jon McCune, 2013/09/06

Prev by Date: Re: [RFC][PATCH] Allow hotkeys to interrupt hidden menu
Next by Date: Re: [PATCH v3 3/3] Add (multiple) -k, --pubkey=FILE support to grub-install command
Previous by thread: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Next by thread: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Index(es):
- Date
- Thread