
Re: grub2 not using linux cmdline as verbatim

From: Andrei Borzenkov
Subject: Re: grub2 not using linux cmdline as verbatim
Date: Sat, 6 Jun 2015 10:02:39 +0300

On Fri, 05 Jun 2015 12:48:41 +0200
Jiri Jaburek <address@hidden> wrote:

> Seeing that grub2's shell language applies to the kernel cmdline as
> well, not anymore.

You misunderstand. grub2 shell language rules apply to grub2 shell
script. When grub2 parses its input it has no idea whether the result
will be used as a kernel command line.

If you want to fix a problem you need to correctly identify this
problem. Giving a completely off-mark description of a problem will
just cause it to be ignored.

> The problem happens when an external pre-parser is already in place,
> sanitizing possible user input for multiple bootloaders like syslinux,
> zipl (system-z), grub1, lilo, u-boot, various EFI loaders, ..., or when
> the cmdline is specified by the user in a bootloader-agnostic way.
> In my specific example, a user wanted to pass `&' as a kernel module
> parameter value, which works just about everywhere except grub2, which
> does additional parsing on the cmdline.

Any generic tool will still need to write a bootloader-specific entry,
so it needs to have bootloader-specific knowledge. It is trivial to
quote a line so it will not be further interpreted by the GRUB shell:

sed -e "s@'@'\\\\''@g" -e "s/\\(.*\\)/'\\1'/"

This will enclose the line in single quotes and replace all existing
single quotes with '\''. Like in

address@hidden:~/src/grub> echo "xx'bb'cc" | sed -e "s@'@'\\\\''@g" -e 
'x x'\''b b'\''c c'

This works for any input.

> The point is that even if I wrote an anti-parser to grub2's parser,
> escaping quotes and sequences to make it pass the cmdline 1:1 as the
> user specified (this might include intentionally broken syntax for
> kernel testing), I can't catch everything - for example I was unable
> to make grub2 send a single `\' (backslash) character - specifying it
> twice `\\' left two characters in place (instead of one), specifying
> it once just made grub2 replace it with quotes.
> Using variables didn't help much either.

Yes, that is the problem. GRUB overquotes its input. E.g. it will change

parm="foo bar"

into

"parm=\"foo bar\""

which will then be interpreted by the kernel as two arguments

name  = parm
value = \"foo

name  = bar\""
value = NULL

That needs fixing. Could you provide a real-life use case where this
behavior causes an issue? Searching the archives suggests a similar
problem that is stated to be fixed.

> Considering this, would you see a feature request for parser-less
> handling of the kernel cmdline sane?

If you mean that the GRUB shell should somehow foresee that input is
intended as a kernel command line - that is simply not possible. If you
mean fixing overquoting of kernel arguments before they are passed to
the kernel - sure, it is not a feature request, it is a bug fix.

BTW GRUB2 can read and interpret GRUB legacy menu.lst. You may give it
a try.

> Maybe it could be implemented as assignment of "raw" content into
> a variable and then using the variable as-is, to be more versatile.

That's already possible. Except variable assignment goes through the
same GRUB shell parsing so you just shifted your issue to another place.

> Maybe an external file with kernel cmdline (like system-z), able to
> contain even newlines or any other non-ascii bytes.

You need to give compelling arguments why you want to do it, including
real life use case examples. Although we may need to implement
arbitrary binary arguments at some point to support e.g. EFI programs.
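
The two-argument split described in the message can be reproduced with a small model of the argument splitter. This is an added example, not part of the original message and not kernel or GRUB code; `kernel_split` and its rules (whitespace splits outside double quotes, each `"` toggles quoting, a backslash is not an escape) are a simplified assumption.

```python
def kernel_split(cmdline):
    """Split a command line into (name, value) pairs.

    Simplified model, an assumption of this example: whitespace separates
    arguments unless inside double quotes, every '"' toggles the quoted
    state, and a backslash has no special meaning.
    """
    pairs, i, n = [], 0, len(cmdline)
    while i < n:
        if cmdline[i].isspace():              # skip separators
            i += 1
            continue
        in_quote = quoted = cmdline[i] == '"'  # leading quote opens the argument
        if quoted:
            i += 1
        start = i
        while i < n and (in_quote or not cmdline[i].isspace()):
            if cmdline[i] == '"':
                in_quote = not in_quote
            i += 1
        token = cmdline[start:i]
        if quoted and token.endswith('"'):    # drop the matching closing quote
            token = token[:-1]
        name, sep, value = token.partition("=")
        if not sep:
            pairs.append((token, None))       # bare flag, no value
            continue
        if value.startswith('"'):             # quotes around the value are not part of it
            value = value[1:]
            if value.endswith('"'):
                value = value[:-1]
        pairs.append((name, value))
    return pairs


# Constructed inputs: the two forms of the argument shown in the message.
INTENDED = 'parm="foo bar"'
OVERQUOTED = '"parm=\\"foo bar\\""'

if __name__ == "__main__":
    for line in (INTENDED, OVERQUOTED):
        print(f"{line!r:28} -> {kernel_split(line)}")
```

The intended form yields one argument whose value contains the space; the overquoted form yields the two arguments listed in the message, because the escaped quote still toggles the quoted state.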
