Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/5] load_env support for whitelisting which variables are

From:	Andrey Borzenkov
Subject:	Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Date:	Thu, 19 Sep 2013 14:06:34 +0400

В Thu, 19 Sep 2013 09:18:55 +0200
Vladimir 'φ-coder/phcoder' Serbinenko <address@hidden> пишет:

> On 07.09.2013 11:33, Andrey Borzenkov wrote:
> > So just use another environment block for untrusted variables, that's
> > all. I do not see why any change in sources is required.
> Trouble is that right now we unconditionally load all variables from
> block, whether trusted or not. So by modifying untrusted but loaded
> block you can override core variables i.a. check_signatures. That's why
> some ability to filter is required.
> 

Yep, I realized this after replying. So extending load_env to take
environment variable names is needed (somehow I was sure it already
supported it).

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c, Jon McCune, 2013/09/06
- [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jon McCune, 2013/09/06
  - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/07
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/09
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Vladimir 'φ-coder/phcoder' Serbinenko, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov <=
- [PATCH v2 3/5] save_env should work, even if check_signatures=enforce, Jon McCune, 2013/09/06
- [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jon McCune, 2013/09/06
  - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jonathan McCune, 2013/09/06
- [PATCH v2 5/5] Additional security-relevant documentation, Jon McCune, 2013/09/06

Prev by Date: Re: [PATCH] Re: [grub-devel] loongson-2f mini-pc (fuloong) elf image generation.
Next by Date: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Previous by thread: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Next by thread: [PATCH v2 3/5] save_env should work, even if check_signatures=enforce
Index(es):
- Date
- Thread